diff --git a/.gitattributes b/.gitattributes index 6bd7389c8a..acecef0e19 100644 --- a/.gitattributes +++ b/.gitattributes @@ -6,7 +6,10 @@ # For git archive fuzz/corpora/** export-ignore Configurations/*.norelease.conf export-ignore +# We generally avoid anything with a name starting with a period. +# However, .ctags.d is precious, so we don't ignore that. .* export-ignore +.ctags.d !export-ignore util/mktar.sh export-ignore krb5 export-ignore pyca-cryptography export-ignore diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cfab096ddf..a61727c275 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ env: jobs: check_update: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - name: install unifdef run: | @@ -45,7 +45,7 @@ jobs: run: git diff --exit-code check_docs: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: config @@ -65,7 +65,7 @@ jobs: # We are not as strict with libraries, but rather adapt to what's # expected to be available in a certain version of each platform. check-ansi: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: config 
@@ -74,7 +74,7 @@ jobs: run: make -s -j4 basic_gcc: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -91,10 +91,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@basic-gcc" + path: artifacts.tar.gz basic_clang: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -108,15 +113,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@basic-clang" + path: artifacts.tar.gz - self-hosted: - if: github.repository == 'openssl/openssl' - strategy: - matrix: - os: [freebsd-13.2, ubuntu-arm64-22.04] - runs-on: ${{ matrix.os }}-self-hosted - continue-on-error: true + linux-arm64: + runs-on: ${{ github.repository == 'openssl/openssl' && 'linux-arm64' || 'ubuntu-24.04-arm' }} steps: - uses: actions/checkout@v4 - name: config 
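Review bot: The new `save artifacts` step in the basic_gcc hunk (`@@ -91,10 +91,15 @@`) has no `if:` condition, so it runs only when the preceding `make test` step succeeds; since make-test propagates the test exit status, the upload is skipped exactly in the failing runs whose test-runs output it exists to capture. Add a condition to the step, i.e. `- name: save artifacts` / `if: ${{ !cancelled() }}` / `uses: actions/upload-artifact@v4` (`if: always()` would also upload on cancellation). The same omission applies to every other `save artifacts` step added in this file (basic_clang, linux-arm64, freebsd-x86_64, minimal, no-deprecated, no-shared-*, non-caching, the sanitizer jobs, fuzz_tests, enable_non-default_options, full_featured, no-legacy, legacy, the out-of-readonly-source jobs) and to the one added in cross-compiles.yml.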
@@ -126,12 +131,60 @@ jobs: - name: make run: make -j4 - name: get cpu info - run: ./util/opensslwrap.sh version -c + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@linux-arm64" + path: artifacts.tar.gz + + freebsd-x86_64: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: config + uses: cross-platform-actions/action@v0.26.0 + with: + operating_system: freebsd + version: "13.4" + shutdown_vm: false + run: | + sudo pkg install -y gcc perl5 + ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + - name: config dump + uses: cross-platform-actions/action@v0.26.0 + with: + operating_system: freebsd + version: "13.4" + shutdown_vm: false + run: ./configdata.pm --dump + - name: make + uses: cross-platform-actions/action@v0.26.0 + with: + operating_system: freebsd + version: "13.4" + shutdown_vm: false + run: make -j4 + - name: make test + uses: cross-platform-actions/action@v0.26.0 + with: + operating_system: freebsd + version: "13.4" + run: | + ./util/opensslwrap.sh version -c + .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@BSD-x86_64" + path: artifacts.tar.gz minimal: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule 
@@ -145,10 +198,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@minimal" + path: artifacts.tar.gz no-deprecated: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -162,10 +220,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@no-deprecated" + path: artifacts.tar.gz no-shared-ubuntu: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -179,11 +242,19 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@no-shared-ubuntu" + path: artifacts.tar.gz no-shared-macos: - runs-on: macos-latest - if: github.server_url == 'https://github.com' + strategy: + fail-fast: false + matrix: + os: [macos-13, macos-14] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule 
@@ -197,10 +268,15 @@ jobs: sysctl machdep.cpu ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@no-shared-${{ matrix.os }}" + path: artifacts.tar.gz non-caching: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -218,10 +294,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]" + run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]" + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@non-caching" + path: artifacts.tar.gz address_ub_sanitizer: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -239,10 +320,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 + run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@address_ub_sanitizer" + path: artifacts.tar.gz fuzz_tests: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule 
@@ -260,10 +346,16 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*" + run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*" + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@fuzz_tests" + path: artifacts.tar.gz + if-no-files-found: ignore memory_sanitizer: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -274,7 +366,7 @@ jobs: sudo sysctl -w vm.mmap_rnd_bits=28 - name: config # --debug -O1 is to produce a debug build that runs in a reasonable amount of time - run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -282,10 +374,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 + run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@memory_sanitizer" + path: artifacts.tar.gz threads_sanitizer: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule 
@@ -295,7 +392,7 @@ jobs: sudo cat /proc/sys/vm/mmap_rnd_bits sudo sysctl -w vm.mmap_rnd_bits=28 - name: config - run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured no-shared no-fips --strict-warnings -g -fsanitize=thread && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -303,10 +400,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*" test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*" + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@threads_sanitizer" + path: artifacts.tar.gz enable_non-default_options: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -322,10 +424,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@enable_non-default_options" + path: artifacts.tar.gz full_featured: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule 
@@ -335,7 +442,7 @@ jobs: - name: Enable sctp run: sudo modprobe sctp - name: Enable auth in sctp - run: sudo sysctl -w net.sctp.auth_enable=1 + run: sudo sysctl -w net.sctp.auth_enable=1 - name: install extra config support run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd - name: config @@ -347,10 +454,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@full_featured" + path: artifacts.tar.gz no-legacy: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -364,10 +476,15 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@no-legacy" + path: artifacts.tar.gz legacy: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -381,7 +498,12 @@ jobs: cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: .github/workflows/make-test + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@legacy" + path: artifacts.tar.gz # out-of-source-and-install checks multiple things at the same time: # - That building, testing and installing works from an out-of-source 
@@ -389,7 +511,7 @@ jobs: # - That building, testing and installing works with a read-only source # tree out-of-readonly-source-and-install-ubuntu: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: @@ -417,15 +539,23 @@ jobs: ./util/opensslwrap.sh version -c working-directory: ./build - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: ../source/.github/workflows/make-test working-directory: ./build + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@out-of-readonly-source-and-install-ubuntu" + path: build/artifacts.tar.gz - name: make install run: make install working-directory: ./build out-of-readonly-source-and-install-macos: - runs-on: macos-latest - if: github.server_url == 'https://github.com' + strategy: + fail-fast: false + matrix: + os: [macos-13, macos-14] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 with: @@ -453,14 +583,19 @@ jobs: ./util/opensslwrap.sh version -c working-directory: ./build - name: make test - run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + run: ../source/.github/workflows/make-test working-directory: ./build + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "ci@out-of-readonly-source-and-install-${{ matrix.os }}" + path: build/artifacts.tar.gz - name: make install run: make install working-directory: ./build external-tests: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: 
@@ -470,7 +605,7 @@ jobs: sudo apt-get update sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy - name: install cpanm and Test2::V0 for gost_engine testing - uses: perl-actions/install-with-cpanm@v1 + uses: perl-actions/install-with-cpanm@stable with: install: Test2::V0 - name: setup hostname workaround @@ -493,7 +628,7 @@ jobs: run: make test TESTS="test_external_oqsprovider" external-test-pyca: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest strategy: matrix: RUST: @@ -509,7 +644,7 @@ jobs: - name: make run: make -s -j4 - name: Setup Python - uses: actions/setup-python@v5.0.0 + uses: actions/setup-python@v5.3.0 with: python-version: ${{ matrix.PYTHON }} - uses: dtolnay/rust-toolchain@master @@ -523,7 +658,7 @@ jobs: run: make test TESTS="test_external_pyca" VERBOSE=1 external-test-cf-quiche: - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/compiler-zoo.yml b/.github/workflows/compiler-zoo.yml index 4b500b12f7..4bc3a1bf65 100644 --- a/.github/workflows/compiler-zoo.yml +++ b/.github/workflows/compiler-zoo.yml @@ -19,17 +19,11 @@ jobs: matrix: zoo: [ { - cc: gcc-7, - distro: ubuntu-20.04 - }, { - cc: gcc-8, - distro: ubuntu-20.04 - }, { cc: gcc-9, - distro: ubuntu-20.04 + distro: ubuntu-22.04 }, { cc: gcc-10, - distro: ubuntu-20.04 + distro: ubuntu-22.04 }, { cc: gcc-11, distro: ubuntu-22.04 
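Review bot: `uses: perl-actions/install-with-cpanm@stable` in the external-tests hunk replaces a major-version tag with a floating `stable` ref, so whatever commit the action maintainer moves that tag to is executed in this job on every run, with the workflow's token and network access. For a third-party action prefer pinning to a full commit SHA with the version kept in a trailing comment, e.g. `uses: perl-actions/install-with-cpanm@<commit-sha>  # stable` (placeholder SHA), or at least an immutable release tag. The identical `@stable` bump appears in the coveralls.yml hunk further down and should be treated the same way.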
@@ -40,27 +34,12 @@ jobs: cc: gcc-13, distro: ubuntu-22.04, gcc-ppa-name: ubuntu-toolchain-r/test - }, { - cc: clang-6.0, - distro: ubuntu-20.04 - }, { - cc: clang-7, - distro: ubuntu-20.04 - }, { - cc: clang-8, - distro: ubuntu-20.04 - }, { - cc: clang-9, - distro: ubuntu-20.04 - }, { - cc: clang-10, - distro: ubuntu-20.04 }, { cc: clang-11, - distro: ubuntu-20.04 + distro: ubuntu-22.04 }, { cc: clang-12, - distro: ubuntu-20.04 + distro: ubuntu-22.04 }, { cc: clang-13, distro: ubuntu-22.04 diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index 6df0543e5d..90d72dde74 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -1,4 +1,4 @@ -# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -50,7 +50,7 @@ jobs: sudo apt-get -yq install lcov sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy - name: install Test2::V0 for gost_engine testing - uses: perl-actions/install-with-cpanm@v1 + uses: perl-actions/install-with-cpanm@stable with: install: Test2::V0 - name: setup hostname workaround @@ -76,7 +76,7 @@ jobs: --exclude "/usr/include/*" -o ./lcov.info - name: Coveralls upload - uses: coverallsapp/github-action@v2.2.3 + uses: coverallsapp/github-action@v2.3.2 with: github-token: ${{ secrets.github_token }} git-branch: ${{ matrix.branches.branch }} diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index c3dd90cab9..679eb661e6 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml 
@@ -1,4 +1,4 @@ -# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -96,10 +96,7 @@ jobs: }, { arch: powerpc64le-linux-gnu, libs: libc6-dev-ppc64el-cross, - # The default compiler for this platform on Ubuntu 20.04 seems - # buggy and causes test failures. Dropping the optimisation level - # resolves it. - target: -O2 linux-ppc64le + target: linux-ppc64le }, { arch: riscv64-linux-gnu, libs: libc6-dev-riscv64-cross, @@ -126,7 +123,7 @@ jobs: }, { arch: m68k-linux-gnu, libs: libc6-dev-m68k-cross, - target: -mcfv4e linux-latomic -Wno-stringop-overflow no-quic, + target: -mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic, tests: none }, { arch: mips-linux-gnu, @@ -148,7 +145,7 @@ jobs: tests: none } ] - runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} + runs-on: ubuntu-latest steps: - name: install package repository if: matrix.platform.ppa != '' 
@@ -201,18 +198,24 @@ jobs: - name: make all tests if: github.event_name == 'push' && matrix.platform.tests == '' run: | - make test HARNESS_JOBS=${HARNESS_JOBS:-4} \ + .github/workflows/make-test \ TESTS="-test_afalg" \ QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} - name: make some tests if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != '' run: | - make test HARNESS_JOBS=${HARNESS_JOBS:-4} \ + .github/workflows/make-test \ TESTS="${{ matrix.platform.tests }} -test_afalg" \ QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} - name: make evp tests if: github.event_name == 'pull_request' && matrix.platform.tests != 'none' run: | - make test HARNESS_JOBS=${HARNESS_JOBS:-4} \ + .github/workflows/make-test \ TESTS="test_evp*" \ QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: "cross-compiles@${{ matrix.platform.arch }}" + path: artifacts.tar.gz + if-no-files-found: ignore diff --git a/.github/workflows/deploy-docs-openssl-org.yml b/.github/workflows/deploy-docs-openssl-org.yml new file mode 100644 index 0000000000..7b8e6838a7 --- /dev/null +++ b/.github/workflows/deploy-docs-openssl-org.yml @@ -0,0 +1,23 @@ +name: "Trigger docs.openssl.org deployment" + +on: + push: + branches: + - "openssl-3.[0-9]+" + - "master" + paths: + - "doc/man*/**" + +jobs: + trigger: + runs-on: ubuntu-latest + steps: + - name: "Trigger deployment workflow" + run: | + gh workflow run -f branch=${{ github.ref_name }} deploy-site.yaml + sleep 3 + RUN_ID=$(gh run list -w deploy-site.yaml -L 1 --json databaseId -q ".[0].databaseId") + gh run watch ${RUN_ID} --exit-status + env: + GH_REPO: "openssl/openssl-docs" + GH_TOKEN: ${{ secrets.OPENSSL_MACHINE_TOKEN }} diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml index bbf135fd77..d286d78cb9 100644 --- a/.github/workflows/fips-checksums.yml +++ b/.github/workflows/fips-checksums.yml 
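Review bot: In the new deploy-docs-openssl-org.yml the `run:` script interpolates `${{ github.ref_name }}` directly into the shell line; the `branches:` filter bounds the value here, but the conventional guard against expression injection is to pass it through the environment, i.e. add `BRANCH: ${{ github.ref_name }}` to the step's `env:` and use `gh workflow run -f branch="$BRANCH" deploy-site.yaml`. The `sleep 3` followed by `gh run list -w deploy-site.yaml -L 1` also assumes the most recent run is the one just dispatched; two pushes to different branches within a few seconds would make this job watch, and report on, the other branch's run — presumably acceptable, but worth a comment on that line. The workflow declares no `permissions:` block even though it only uses the PAT in `GH_TOKEN`; `permissions: {}` at the top keeps the default `GITHUB_TOKEN` at no rights.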
@@ -1,4 +1,4 @@ -# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/.github/workflows/fips-label.yml b/.github/workflows/fips-label.yml index 853dfb20d8..ad175abc3f 100644 --- a/.github/workflows/fips-label.yml +++ b/.github/workflows/fips-label.yml @@ -80,6 +80,7 @@ jobs: } } - name: 'Cleanup artifact' + if: ${{ github.event.workflow_run.conclusion == 'success' }} run: rm artifact.zip pr_num - name: 'Download abidiff artifact' @@ -133,7 +134,7 @@ jobs: issue_number: pr_num, owner: context.repo.owner, repo: context.repo.repo, - name: 'severity: fips change' + name: 'severity: ABI change' }); } } diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml index b9a73e539a..a280b410e5 100644 --- a/.github/workflows/fuzz-checker.yml +++ b/.github/workflows/fuzz-checker.yml @@ -1,4 +1,4 @@ -# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -21,28 +21,28 @@ jobs: { name: AFL, config: enable-fuzz-afl no-module, - install: afl++-clang, + install: afl++, cc: afl-clang-fast }, { name: libFuzzer, - config: enable-fuzz-libfuzzer enable-asan enable-ubsan, - libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer, - install: libfuzzer-12-dev, - cc: clang-12, - linker: clang++-12, + config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function, + libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer, + install: libfuzzer-18-dev, + cc: clang-18, + linker: clang++-18, tests: -test_memleak }, { name: libFuzzer+, - config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, - libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer, + config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, + libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer, extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg, - install: libfuzzer-12-dev, - cc: clang-12, - linker: clang++-12, + install: libfuzzer-18-dev, + cc: clang-18, + linker: clang++-18, tests: -test_memleak } ] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: install packages run: | diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e167416be5..06686a9f48 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
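Review bot: The libFuzzer and libFuzzer+ `config:` entries now carry `-fno-sanitize=function`, which switches off UBSan's indirect-call function-type check (part of `-fsanitize=undefined` on recent clang), but nothing records why, so a reader doing the next clang bump cannot tell whether it is still needed or what it hides. A comment above the matrix entry, e.g. `# -fno-sanitize=function: UBSan's function-pointer type check is disabled because <reason>; re-enable once resolved`, would capture the intent — the actual reason is not visible in this diff and has to come from the author.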
@@ -1,4 +1,4 @@ -# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/.github/workflows/make-release.yml b/.github/workflows/make-release.yml new file mode 100644 index 0000000000..ab0255d405 --- /dev/null +++ b/.github/workflows/make-release.yml @@ -0,0 +1,41 @@ +# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +name: "Make release" + +on: + push: + tags: + - "openssl-*" + +jobs: + release: + runs-on: "releaser" + steps: + - name: "Checkout" + uses: "actions/checkout@v4" + with: + fetch-depth: 1 + ref: ${{ github.ref_name }} + github-server-url: "https://github.openssl.org/" + repository: "openssl/openssl" + token: ${{ secrets.GHE_TOKEN }} + path: ${{ github.ref_name }} + - name: "Prepare assets" + run: | + cd ${{ github.ref_name }} + ./util/mktar.sh + mkdir assets && mv ${{ github.ref_name }}.tar.gz assets/ && cd assets + openssl sha1 -r ${{ github.ref_name }}.tar.gz > ${{ github.ref_name }}.tar.gz.sha1 + openssl sha256 -r ${{ github.ref_name }}.tar.gz > ${{ github.ref_name }}.tar.gz.sha256 + gpg -u ${{ vars.signing_key_uid }} -o ${{ github.ref_name }}.tar.gz.asc -sba ${{ github.ref_name }}.tar.gz + - name: "Create release" + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + run: | + VERSION=$(echo ${{ github.ref_name }} | cut -d "-" -f 2-) + gh release create ${{ github.ref_name }} -t "OpenSSL $VERSION" -d --notes " " -R ${{ github.repository }} ${{ github.ref_name }}/assets/* 
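Review bot: The new make-release.yml splices `${{ github.ref_name }}` into shell text nine times across the "Prepare assets" and "Create release" steps; the tag name is trusted input from anyone who can push an `openssl-*` tag, yet git ref names may contain `$`, `(`, `)`, `;` and quotes, and this runs on the `releaser` runner that holds the signing key. Pass the tag through `env:` once and reference it quoted, as sketched below (the same `$TAG` substitution applies to the `VERSION=` and `gh release create` lines). The job also has no `permissions:` block although it only uses `secrets.GH_TOKEN`, so `permissions: {}` at the top would keep the default token at no rights, and for a signing pipeline `actions/checkout@v4` should be pinned to a full commit SHA rather than a mutable major tag.

```yaml
      - name: "Prepare assets"
        env:
          TAG: ${{ github.ref_name }}
          SIGNING_KEY_UID: ${{ vars.signing_key_uid }}
        run: |
          cd "$TAG"
          ./util/mktar.sh
          mkdir assets && mv "$TAG.tar.gz" assets/ && cd assets
          openssl sha1 -r "$TAG.tar.gz" > "$TAG.tar.gz.sha1"
          openssl sha256 -r "$TAG.tar.gz" > "$TAG.tar.gz.sha256"
          gpg -u "$SIGNING_KEY_UID" -o "$TAG.tar.gz.asc" -sba "$TAG.tar.gz"
      # … unchanged: "Create release" step, with the same TAG env and "$TAG" in place of ${{ github.ref_name }} …
```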
diff --git a/.github/workflows/make-test b/.github/workflows/make-test new file mode 100755 index 0000000000..195928e786 --- /dev/null +++ b/.github/workflows/make-test @@ -0,0 +1,43 @@ +#!/usr/bin/env bash +set -eo pipefail + +cleanup() { + # Remove if nothing was generated. + [ -d artifacts ] && find artifacts -type d -empty -delete +} +trap cleanup EXIT + +# Make a central directory to store all output artifacts of our test run to +# avoid having to configure multiple upload-artifacts steps in the workflow +# file. +OSSL_CI_ARTIFACTS_PATH="artifacts/" +if [ -n "${GITHUB_RUN_NUMBER}" ]; then + OSSL_CI_ARTIFACTS_PATH="artifacts/github-${GITHUB_JOB}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ID}/" +fi +mkdir -p "$OSSL_CI_ARTIFACTS_PATH" +export OSSL_CI_ARTIFACTS_PATH="$(cd "$OSSL_CI_ARTIFACTS_PATH"; pwd)" + +# Run the tests. This might fail, but we need to capture artifacts anyway. +set +e +make test HARNESS_JOBS=${HARNESS_JOBS:-4} "$@" +RESULT=$? +set -e + +# Move an interesting subset of the test-runs data we want into the artifacts +# staging directory. +for test_name in quic_multistream; do + if [ -d "test-runs/test_${test_name}" ]; then + mv "test-runs/test_${test_name}" "$OSSL_CI_ARTIFACTS_PATH/" + fi +done + +# Log the artifact tree. +echo "::group::List of artifact files generated" +echo "Test suite exited with $RESULT, artifacts path is $OSSL_CI_ARTIFACTS_PATH" +(cd "$OSSL_CI_ARTIFACTS_PATH"; find . -type f | sort) +echo "::endgroup::" + +echo "Archive artifacts" +tar -czvf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH + +exit $RESULT diff --git a/.github/workflows/os-zoo.yml b/.github/workflows/os-zoo.yml index 64a8fd33ce..b515c113ec 100644 --- a/.github/workflows/os-zoo.yml +++ b/.github/workflows/os-zoo.yml 
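Review bot: The archive line `tar -czvf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH` passes the absolute path produced by the `$(cd ...; pwd)` export unquoted, so a workspace path containing whitespace is word-split, and tar stores the members with the leading `/` stripped (`home/runner/.../artifacts/...`) rather than as `artifacts/...`. Since the directory is always created relative to the working directory by `mkdir -p`, `tar -czvf artifacts.tar.gz artifacts` is both simpler and stable for whoever unpacks the upload. The `cleanup` trap's `[ -d artifacts ] && find ...` returns 1 when the directory is absent; bash restores the script's own exit status after an EXIT trap as far as I recall, but `[ -d artifacts ] && find artifacts -type d -empty -delete || true` removes the doubt, and the comment `# Remove if nothing was generated.` would read better as `# Prune empty artifact directories so an empty run leaves nothing behind.`, which is what the `-empty -delete` actually does.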
@@ -1,4 +1,4 @@ -# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -105,7 +105,7 @@ jobs: fail-fast: false matrix: branch: [openssl-3.0, openssl-3.1, master] - os: [macos-11, macos-12, macos-13] + os: [macos-13, macos-14, macos-15] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -167,12 +167,8 @@ jobs: working-directory: _build run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4 - self-hosted: - strategy: - matrix: - os: [freebsd-13.2, ubuntu-arm64-22.04] - runs-on: ${{ matrix.os }}-self-hosted - continue-on-error: true + linux-arm64: + runs-on: linux-arm64 steps: - uses: actions/checkout@v4 - name: config @@ -185,3 +181,39 @@ jobs: run: ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + + freebsd-x86_64: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: config + uses: cross-platform-actions/action@v0.26.0 + with: + operating_system: freebsd + version: "13.4" + shutdown_vm: false + run: | + sudo pkg install -y gcc perl5 + ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + - name: config dump + uses: cross-platform-actions/action@v0.26.0 + with: + operating_system: freebsd + version: "13.4" + shutdown_vm: false + run: ./configdata.pm --dump + - name: make + uses: cross-platform-actions/action@v0.26.0 + with: + operating_system: freebsd + version: "13.4" + shutdown_vm: false + run: make -j4 + - name: make test + uses: cross-platform-actions/action@v0.26.0 + with: + operating_system: freebsd + version: "13.4" + run: | + ./util/opensslwrap.sh version -c + .github/workflows/make-test 
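Review bot: The new freebsd-x86_64 job in os-zoo.yml (`@@ -185,3 +181,39 @@`) ends with `.github/workflows/make-test`, which packs `artifacts.tar.gz`, but unlike its twin in ci.yml no `save artifacts` / `actions/upload-artifact@v4` step follows, so the archive is produced and then discarded with the VM. Either add the upload step (with `if: ${{ !cancelled() }}` so failing runs are captured) or call `make test HARNESS_JOBS=${HARNESS_JOBS:-4}` directly, as the linux-arm64 job in the same hunk still does. Separately, `linux-arm64: runs-on: linux-arm64` is unconditional here whereas ci.yml falls back to `ubuntu-24.04-arm` outside `openssl/openssl`; presumably os-zoo is upstream-only, but if forks run it this job will queue indefinitely for a runner they do not have.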
diff --git a/.github/workflows/prov-compat-label.yml b/.github/workflows/prov-compat-label.yml new file mode 100644 index 0000000000..d94e4e0de5 --- /dev/null +++ b/.github/workflows/prov-compat-label.yml 
@@ -0,0 +1,266 @@ +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# This verifies that FIPS and legacy providers built against some earlier +# released versions continue to run against the current branch. + +name: Provider compatibility for PRs + +on: [pull_request] + +permissions: + contents: read + +env: + opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib + +jobs: + fips-releases: + if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }} + strategy: + matrix: + release: [ + # Formally released versions should be added here. + # `dir' it the directory inside the tarball. + # `tgz' is the name of the tarball. + # `url' is the download URL. + { + dir: openssl-3.0.0, + tgz: openssl-3.0.0.tar.gz, + url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz", + }, + { + dir: openssl-3.0.8, + tgz: openssl-3.0.8.tar.gz, + url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz", + }, + { + dir: openssl-3.0.9, + tgz: openssl-3.0.9.tar.gz, + url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz", + }, + { + dir: openssl-3.1.2, + tgz: openssl-3.1.2.tar.gz, + url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz", + }, + ] + + runs-on: ubuntu-latest + steps: + - name: create download directory + run: mkdir downloads + - name: download release source + run: wget --no-verbose ${{ matrix.release.url }} + working-directory: downloads + - name: unpack release source + run: tar xzf downloads/${{ matrix.release.tgz }} + + - name: localegen + run: sudo locale-gen tr_TR.UTF-8 + + - name: config release + run: | + ./config --banner=Configured enable-shared enable-fips ${{ env.opts }} + working-directory: ${{ matrix.release.dir }} + - name: 
config dump release + run: ./configdata.pm --dump + working-directory: ${{ matrix.release.dir }} + + - name: make release + run: make -s -j4 + working-directory: ${{ matrix.release.dir }} + + - name: create release artifacts + run: | + tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }} + + - name: show module versions from release + run: | + ./util/wrap.pl -fips apps/openssl list -provider-path providers \ + -provider base \ + -provider default \ + -provider fips \ + -provider legacy \ + -providers + working-directory: ${{ matrix.release.dir }} + + - uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.release.tgz }} + path: ${{ matrix.release.tgz }} + retention-days: 7 + + development-branches: + if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }} + strategy: + matrix: + branch: [ + # Currently supported FIPS capable branches should be added here. + # `name' is the branch name used to checkout out. + # `dir' directory that will be used to build and test in. + # `tgz' is the name of the tarball use to keep the artifacts of + # the build. 
+ { + name: '', + dir: PR, + tgz: PR.tar.gz, + }, { + name: openssl-3.0, + dir: branch-3.0, + tgz: branch-3.0.tar.gz, + }, { + name: openssl-3.1, + dir: branch-3.1, + tgz: branch-3.1.tar.gz, + }, { + name: openssl-3.2, + dir: branch-3.2, + tgz: branch-3.2.tar.gz, + }, { + name: openssl-3.3, + dir: branch-3.3, + tgz: branch-3.3.tar.gz, + }, { + name: master, + dir: branch-master, + tgz: branch-master.tar.gz, + }, + ] + + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + path: ${{ matrix.branch.dir }} + repository: openssl/openssl + ref: ${{ matrix.branch.name }} + - name: localegen + run: sudo locale-gen tr_TR.UTF-8 + + - name: config branch + run: | + ./config --banner=Configured enable-shared enable-fips ${{ env.opts }} + working-directory: ${{ matrix.branch.dir }} + - name: config dump current + run: ./configdata.pm --dump + working-directory: ${{ matrix.branch.dir }} + + - name: make branch + run: make -s -j4 + working-directory: ${{ matrix.branch.dir }} + + - name: create branch artifacts + run: | + tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }} + + - name: show module versions from branch + run: | + ./util/wrap.pl -fips apps/openssl list -provider-path providers \ + -provider base \ + -provider default \ + -provider fips \ + -provider legacy \ + -providers + working-directory: ${{ matrix.branch.dir }} + + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c + working-directory: ${{ matrix.branch.dir }} + + - uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.branch.tgz }} + path: ${{ matrix.branch.tgz }} + retention-days: 7 + + cross-testing: + if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }} + needs: [fips-releases, development-branches] + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + # These can't be figured out earlier and included here as a variable + # substitution. 
+ # + # Note that releases are not used as a test environment for + # later providers. Problems in these situations ought to be + # caught by cross branch testing before the release. + tree_a: [ branch-master, branch-3.3, branch-3.2, branch-3.1, branch-3.0, + openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ] + tree_b: [ PR ] + include: + - tree_a: PR + tree_b: branch-master + - tree_a: PR + tree_b: branch-3.3 + - tree_a: PR + tree_b: branch-3.2 + - tree_a: PR + tree_b: branch-3.1 + - tree_a: PR + tree_b: branch-3.0 + steps: + - name: early exit checks + id: early_exit + run: | + if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ]; \ + then \ + echo "Skipping because both are the same version"; \ + exit 1; \ + fi + continue-on-error: true + + - uses: actions/download-artifact@v4.1.8 + if: steps.early_exit.outcome == 'success' + with: + name: ${{ matrix.tree_a }}.tar.gz + - name: unpack first build + if: steps.early_exit.outcome == 'success' + run: tar xzf "${{ matrix.tree_a }}.tar.gz" + + - uses: actions/download-artifact@v4.1.8 + if: steps.early_exit.outcome == 'success' + with: + name: ${{ matrix.tree_b }}.tar.gz + - name: unpack second build + if: steps.early_exit.outcome == 'success' + run: tar xzf "${{ matrix.tree_b }}.tar.gz" + + - name: set up cross validation of FIPS from A with tree from B + if: steps.early_exit.outcome == 'success' + run: | + cp providers/fips.so ../${{ matrix.tree_b }}/providers/ + cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/ + working-directory: ${{ matrix.tree_a }} + + - name: show module versions from cross validation + if: steps.early_exit.outcome == 'success' + run: | + ./util/wrap.pl -fips apps/openssl list -provider-path providers \ + -provider base \ + -provider default \ + -provider fips \ + -provider legacy \ + -providers + working-directory: ${{ matrix.tree_b }} + + - name: get cpu info + if: steps.early_exit.outcome == 'success' + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c + 
working-directory: ${{ matrix.tree_b }} + + - name: run cross validation tests of FIPS from A with tree from B + if: steps.early_exit.outcome == 'success' + run: | + make test HARNESS_JOBS=${HARNESS_JOBS:-4} + working-directory: ${{ matrix.tree_b }} diff --git a/.github/workflows/provider-compatibility.yml b/.github/workflows/provider-compatibility.yml index afb2782690..d2baad961f 100644 --- a/.github/workflows/provider-compatibility.yml +++ b/.github/workflows/provider-compatibility.yml @@ -1,4 +1,4 @@ -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -201,7 +201,7 @@ jobs: fi continue-on-error: true - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v4.1.8 if: steps.early_exit.outcome == 'success' with: name: ${{ matrix.tree_a }}.tar.gz @@ -209,7 +209,7 @@ jobs: if: steps.early_exit.outcome == 'success' run: tar xzf "${{ matrix.tree_a }}.tar.gz" - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v4.1.8 if: steps.early_exit.outcome == 'success' with: name: ${{ matrix.tree_b }}.tar.gz diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index 025349b6d3..04a3fc2080 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -1,4 +1,4 @@ -# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index 5ad006e269..abd663c03e 100644 --- a/.github/workflows/run-checker-daily.yml 
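Review bot: In the `fips-releases` job of the new `prov-compat-label.yml`, `download release source` fetches each tarball with `wget` and `unpack release source` extracts it with no integrity check, so whatever the download host serves is built and its `fips.so` is then copied into every other tree by `cross-testing`. Add a `sha256:` field to each `matrix.release` item (values taken from the published `.sha256` files) and verify before unpacking, e.g. `echo "${{ matrix.release.sha256 }}  ${{ matrix.release.tgz }}" | sha256sum -c -` run in the `downloads` directory. The matrix comment "`dir' it the directory inside the tarball." should read "is". The `early exit checks` step signals "skip" by `exit 1` under `continue-on-error: true`, which shows up as a failed step in the UI; a comment on the step explaining that this is intentional would help.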
+++ b/.github/workflows/run-checker-daily.yml @@ -1,4 +1,4 @@ -# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -313,7 +313,7 @@ jobs: enable_tfo: strategy: matrix: - os: [ ubuntu-latest, macos-latest ] + os: [ ubuntu-latest, macos-13, macos-14 ] runs-on: ${{matrix.os}} steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index e776d92239..d4fcdaa9bc 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -1,4 +1,4 @@ -# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,7 @@ jobs: fail-fast: false matrix: opt: [ - enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT, + enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function, no-ct, no-dso, no-dynamic-engine, @@ -26,7 +26,7 @@ jobs: no-engine no-shared, no-err, no-filenames, - enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment, + enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function, no-module, no-ocsp, no-pinshared, 
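Review bot: In the `@@ -26,7 +26,7 @@` hunk of `run-checker-merge.yml` the `enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT` entry swaps `-fno-sanitize=alignment` for `-fno-sanitize=function`, so UBSan's alignment checks become enabled in that configuration as a side effect of adding the function-pointer exclusion; if the alignment exclusion is still wanted the line should be `enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment,function,`. The `@@ -18,7 +18,7 @@` hunk only appends `-fno-sanitize=function`, so the two entries now differ in what they suppress. Neither hunk records why `-fsanitize=function` (clang's check for indirect calls through a mismatched function pointer type) is excluded; a short comment above the `opt:` list would help.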
@@ -57,3 +57,24 @@ jobs: if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + + threads_sanitizer_atomic_fallback: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: checkout fuzz/corpora submodule + run: git submodule update --init --depth 1 fuzz/corpora + - name: Adjust ASLR for sanitizer + run: | + sudo cat /proc/sys/vm/mmap_rnd_bits + sudo sysctl -w vm.mmap_rnd_bits=28 + - name: config + run: CC=clang ./config --banner=Configured no-shared no-fips --strict-warnings -g -fsanitize=thread -DBROKEN_CLANG_ATOMICS && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c + - name: make test + run: make test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*" diff --git a/.github/workflows/style-checks.yml b/.github/workflows/style-checks.yml new file mode 100644 index 0000000000..7ed843f3ba --- /dev/null +++ b/.github/workflows/style-checks.yml 
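Review bot: The `Adjust ASLR for sanitizer` step in the new `threads_sanitizer_atomic_fallback` job lowers `vm.mmap_rnd_bits` on the runner without saying why, and `sudo cat /proc/sys/vm/mmap_rnd_bits` needs no `sudo` since the file is world-readable. Suggest `cat /proc/sys/vm/mmap_rnd_bits` plus a comment along the lines of `# TSan cannot map its shadow memory with the kernel's default mmap randomisation; 28 bits is the usual workaround -- confirm`. The `config` step also folds `perl configdata.pm --dump` into the same `run:` with `&&`, whereas the workflows touched elsewhere in this diff use a separate `config dump` step; splitting it keeps the log groups consistent. The `TESTS=` list on the final step is one very long line; a `>-` folded scalar would keep it within the line-length limit without changing the value.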
@@ -0,0 +1,55 @@ +# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +name: Coding style validation + +on: [pull_request] + +env: + PR_NUMBER: ${{ github.event.number }} + GH_TOKEN: ${{ github.token }} + +permissions: + contents: read + +jobs: + check-style: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + path: openssl + - name: check style for each commit + working-directory: openssl + shell: bash + run: | + ERRORS_FOUND=0 + git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF + REFSTART=$(git rev-parse $GITHUB_BASE_REF) + REFEND=$(git rev-parse HEAD) + echo "Checking from $REFSTART to $REFEND" + for i in $(git log --no-merges --format=%H $REFSTART..$REFEND) + do + echo "::group::Style report for commit $i" + set +e + ./util/check-format-commit.sh $i + if [ $? -ne 0 ] + then + ERRORS_FOUND=1 + fi + set -e + echo "::endgroup::" + done + SKIP_TEST=$(gh pr view $PR_NUMBER --json labels --jq '.labels[] | select(.name == "style: waived") | .name') + if [ -z "$SKIP_TEST" ] + then + exit $ERRORS_FOUND + else + echo "PR $PR_NUMBER is marked with style: waived, waiving style check errors" + exit 0 + fi diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 5b88d12ca2..c4879e22f4 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -1,4 +1,4 @@ -# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
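Review bot: In the new `style-checks.yml`, `SKIP_TEST=$(gh pr view ...)` runs under the `shell: bash` defaults (`-e -o pipefail`), so a transient API or rate-limit failure from `gh` aborts the step with an unrelated error instead of falling through to the accumulated `ERRORS_FOUND` result; `SKIP_TEST=$(gh pr view "$PR_NUMBER" --json labels --jq '.labels[] | select(.name == "style: waived") | .name' || true)` keeps the waiver lookup best-effort. The `set +e` / `if [ $? -ne 0 ]` / `set -e` sequence around `check-format-commit.sh` can be written as `if ! ./util/check-format-commit.sh "$i"; then ERRORS_FOUND=1; fi`, since `set -e` does not apply to a command tested by `if`. With `permissions: contents: read` only, confirm that `gh pr view` can read labels using `${{ github.token }}` (on a public repository it can; a private repository may need `pull-requests: read`).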
@@ -17,15 +17,17 @@ jobs: # Run a job for each of the specified target architectures: strategy: matrix: - os: - - windows-2019 - - windows-2022 platform: - arch: win64 + os: windows-2019 config: enable-fips + - arch: win64 + os: windows-2022 + config: enable-fips no-thread-pool no-quic - arch: win32 + os: windows-2022 config: --strict-warnings no-fips - runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} + runs-on: ${{ matrix.platform.os }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -75,9 +77,9 @@ jobs: strategy: matrix: os: - - windows-2019 +# Reducing CI footprint - windows-2019 - windows-2022 - runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -113,8 +115,8 @@ jobs: matrix: os: - windows-2019 - - windows-2022 - runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} +# Reducing CI footprint - windows-2022 + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -159,7 +161,7 @@ jobs: # are we really learning sth new from win32? So let's save some CO2 for now disabling this # - arch: win32 # config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips - runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} + runs-on: ${{ matrix.os }} env: CYGWIN_NOWINPATH: 1 SHELLOPTS: igncr diff --git a/.github/workflows/windows_comp.yml b/.github/workflows/windows_comp.yml index 4c5ae9fd69..104e93d409 100644 --- a/.github/workflows/windows_comp.yml +++ b/.github/workflows/windows_comp.yml 
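Review bot: In the `@@ -75,9 +77,9 @@` and `@@ -113,8 +115,8 @@` hunks of `windows.yml` the `# Reducing CI footprint - windows-2019` and `# Reducing CI footprint - windows-2022` comments sit at column 0 inside the indented `os:` sequence, so they read as stray unindented items and yamllint's `comments-indentation` rule will flag them; indent them to the sequence level, e.g. `      # windows-2019 dropped to reduce CI footprint`. The `@@ -17,15 +17,17 @@` hunk moves `os` into each `platform` entry and keeps `windows-2019` only for the first `win64` case, while the other two jobs drop different images (one keeps 2019, the other 2022) — presumably deliberate, but a one-line comment on each matrix saying which image the job is meant to cover would stop the next reader from "fixing" it. The jobs' step lists run past the hunks.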
@@ -1,4 +1,4 @@ -# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/.gitignore b/.gitignore index 98184721f2..d4ee22c47c 100644 --- a/.gitignore +++ b/.gitignore @@ -147,6 +147,9 @@ providers/common/include/prov/der_sm2.h /apps/progs.c /apps/progs.h +# macOS +.DS_Store + # Windows (legacy) /tmp32 /tmp32.dbg diff --git a/CHANGES.md b/CHANGES.md index ddb2ba56a2..3ed965e869 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -26,7 +26,135 @@ OpenSSL Releases OpenSSL 3.3 ----------- -### Changes between 3.2 and 3.3 [xx XXX xxxx] +### Changes between 3.3.3 and 3.3.4 [xx XXX xxxx] + + * When displaying distinguished names in the openssl application escape control + characters by default. + + *Tomáš Mráz* + +### Changes between 3.3.2 and 3.3.3 [11 Feb 2025] + + * Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. + + Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a + server may fail to notice that the server was not authenticated, because + handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode + is set. + + ([CVE-2024-12797]) + + *Viktor Dukhovni* + + * Fixed timing side-channel in ECDSA signature computation. + + There is a timing signal of around 300 nanoseconds when the top word of + the inverted ECDSA nonce value is zero. This can happen with significant + probability only for some of the supported elliptic curves. In particular + the NIST P-521 curve is affected. To be able to measure this leak, the + attacker process must either be located in the same physical computer or + must have a very fast network connection with low latency. + + ([CVE-2024-13176]) + + *Tomáš Mráz* + + * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic + curve parameters. + + Use of the low-level GF(2^m) elliptic curve APIs with untrusted + explicit values for the field polynomial can lead to out-of-bounds memory + reads or writes. + Applications working with "exotic" explicit binary (GF(2^m)) curve + parameters, that make it possible to represent invalid field polynomials + with a zero constant term, via the above or similar APIs, may terminate + abruptly as a result of reading or writing outside of array bounds. Remote + code execution cannot easily be ruled out. + + ([CVE-2024-9143]) + + *Viktor Dukhovni* + +### Changes between 3.3.1 and 3.3.2 [3 Sep 2024] + + * Fixed possible denial of service in X.509 name checks. 
+ + Applications performing certificate name checks (e.g., TLS clients checking + server certificates) may attempt to read an invalid memory address when + comparing the expected name with an `otherName` subject alternative name of + an X.509 certificate. This may result in an exception that terminates the + application program. + + ([CVE-2024-6119]) + + *Viktor Dukhovni* + + * Fixed possible buffer overread in SSL_select_next_proto(). + + Calling the OpenSSL API function SSL_select_next_proto with an empty + supported client protocols buffer may cause a crash or memory contents + to be sent to the peer. + + ([CVE-2024-5535]) + + *Matt Caswell* + +### Changes between 3.3.0 and 3.3.1 [4 Jun 2024] + + * Fixed potential use after free after SSL_free_buffers() is called. + + The SSL_free_buffers function is used to free the internal OpenSSL + buffer used when processing an incoming record from the network. + The call is only expected to succeed if the buffer is not currently + in use. However, two scenarios have been identified where the buffer + is freed even when still in use. + + The first scenario occurs where a record header has been received + from the network and processed by OpenSSL, but the full record body + has not yet arrived. In this case calling SSL_free_buffers will succeed + even though a record has only been partially processed and the buffer + is still in use. + + The second scenario occurs where a full record containing application + data has been received and processed by OpenSSL but the application has + only read part of this data. Again a call to SSL_free_buffers will + succeed even though the buffer is still in use. + + ([CVE-2024-4741]) + + *Matt Caswell* + + * Fixed an issue where checking excessively long DSA keys or parameters may + be very slow. + + Applications that use the functions EVP_PKEY_param_check() or + EVP_PKEY_public_check() to check a DSA public key or DSA parameters may + experience long delays. 
Where the key or parameters that are being checked + have been obtained from an untrusted source this may lead to a Denial of + Service. + + To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS + will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error + reason. + + ([CVE-2024-4603]) + + *Tomáš Mráz* + + * Improved EC/DSA nonce generation routines to avoid bias and timing + side channel leaks. + + Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis + and Hubert Kario from Red Hat for reporting the issues. + + *Tomáš Mráz and Paul Dale* + +### Changes between 3.2 and 3.3.0 [9 Apr 2024] + + * The `-verify` option to the `openssl crl` and `openssl req` will make + the program exit with 1 on failure. + + *Vladimír Kotal* * The BIO_get_new_index() function can only be called 127 times before it reaches its upper bound of BIO_TYPE_MASK. It will now correctly return an @@ -150,6 +278,11 @@ OpenSSL 3.3 *Hugo Landau* + * Limited support for polling of QUIC connection and stream objects in a + non-blocking manner. Refer to the SSL_poll(3) manpage for details. + + *Hugo Landau* + * Added APIs to allow querying the size and utilisation of a QUIC stream's write buffer. Refer to the SSL_get_value_uint(3) manpage for details. 
@@ -163,11 +296,72 @@ OpenSSL 3.3 *Alexandr Nedvedicky* + * Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100 + + *Tom Cosgrove* + + * Added X509_STORE_get1_objects to avoid issues with the existing + X509_STORE_get0_objects API in multi-threaded applications. Refer to the + documentation for details. + + *David Benjamin* + + * Added assembly implementation for md5 on loongarch64 + + *Min Zhou* + + * Optimized AES-CTR for ARM Neoverse V1 and V2 + + *Fisher Yu* + + * Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems + similar to M1/M2. + + *Tom Cosgrove* + + * Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple + times with different output sizes. + + *Shane Lontis, Holger Dengler* + + * Various optimizations for cryptographic routines using RISC-V vector crypto + extensions + + *Christoph Müllner, Charalampos Mitrodimas, Ard Biesheuvel, Phoebe Chen, + Jerry Shih* + + * Accept longer context for TLS 1.2 exporters + + While RFC 5705 implies that the maximum length of a context for exporters is + 65535 bytes as the length is embedded in uint16, the previous implementation + enforced a much smaller limit, which is less than 1024 bytes. This + restriction has been removed. + + *Daiki Ueno* + OpenSSL 3.2 ----------- ### Changes between 3.2.1 and 3.2.2 [xx XXX xxxx] + * Fixed an issue where some non-default TLS server configurations can cause + unbounded memory growth when processing TLSv1.3 sessions. An attacker may + exploit certain server configurations to trigger unbounded memory growth that + would lead to a Denial of Service + + This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option + is being used (but not if early_data is also configured and the default + anti-replay protection is in use). In this case, under certain conditions, + the session cache can get into an incorrect state and it will fail to flush + properly as it fills. 
The session cache will continue to grow in an unbounded + manner. A malicious client could deliberately create the scenario for this + failure to force a Denial of Service. It may also happen by accident in + normal operation. + + ([CVE-2024-2511]) + + *Matt Caswell* + * Fixed bug where SSL_export_keying_material() could not be used with QUIC connections. (#23560) @@ -20540,6 +20734,13 @@ ndif +[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 +[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 +[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 +[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 +[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 +[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 +[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e4415538b8..35c45a319f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -3,13 +3,13 @@ HOW TO CONTRIBUTE TO OpenSSL Please visit our [Getting Started] page for other ideas about how to contribute. - [Getting Started]: + [Getting Started]: Development is done on GitHub in the [openssl/openssl] repository. [openssl/openssl]: -To request new a feature, ask a question, or report a bug, +To request a new feature, ask a question, or report a bug, please open an [issue on GitHub](https://github.com/openssl/openssl/issues). To submit a patch or implement a new feature, please open a 
@@ -67,7 +67,8 @@ guidelines: often. We do not accept merge commits, you will have to remove them (usually by rebasing) before it will be acceptable. - 4. Code provided should follow our [coding style] and compile without warnings. + 4. Code provided should follow our [coding style] and [documentation policy] + and compile without warnings. There is a [Perl tool](util/check-format.pl) that helps finding code formatting mistakes and other coding style nits. Where `gcc` or `clang` is available, you should use the @@ -76,7 +77,8 @@ guidelines: Clean builds via GitHub Actions are required. They are started automatically whenever a PR is created or updated by committers. - [coding style]: https://www.openssl.org/policies/technical/coding-style.html + [coding style]: https://openssl-library.org/policies/technical/coding-style/ + [documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/ 5. When at all possible, code contributions should include tests. These can either be added to an existing test, or completely new. Please see diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index c9db9aac28..cba57b4127 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -777,7 +777,14 @@ my %targets = ( asm_arch => 'aarch64', perlasm_scheme => "linux64", }, - + "linux-arm64ilp32-clang" => { # clang config abi by --target + inherit_from => [ "linux-generic32" ], + CC => "clang", + CXX => "clang++", + bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", + asm_arch => 'aarch64', + perlasm_scheme => "linux64", + }, "linux-mips32" => { # Configure script adds minimally required -march for assembly # support, if no -march was specified at command line. 
@@ -1407,6 +1414,25 @@ my %targets = ( AR => add("-X32"), RANLIB => add("-X32"), }, + # To enable openxl compiler for aix + # If 17.1 openxl runtime is available, -latomic can be used + # instead of -DBROKEN_CLANG_ATOMICS + "aix-clang" => { + inherit_from => [ "aix-common" ], + CC => "ibm-clang", + CFLAGS => picker(debug => "-O0 -g", + release => "-O"), + cflags => combine("-Wno-implicit-function-declaration -mcmodel=large -DBROKEN_CLANG_ATOMICS", + threads("-pthread")), + ex_libs => add(threads("-pthread")), + bn_ops => "BN_LLONG RC4_CHAR", + asm_arch => 'ppc32', + perlasm_scheme => "aix32", + shared_cflag => "-fpic", + shared_ldflag => add("-shared"), + AR => add("-X32"), + RANLIB => add("-X32"), + }, # shared_target of "aix-solib" builds shared libraries packaged # without archives. This improves the behavior of inter-library # references (libssl depending on libcrypto) when building with @@ -1438,6 +1464,23 @@ my %targets = ( AR => add("-X64"), RANLIB => add("-X64"), }, + "aix64-clang" => { + inherit_from => [ "aix-common" ], + CC => "ibm-clang", + CFLAGS => picker(debug => "-O0 -g", + release => "-O"), + cflags => combine("-maix64 -Wno-implicit-function-declaration -mcmodel=large", + threads("-pthread")), + ex_libs => add(threads("-pthread")), + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + asm_arch => 'ppc64', + perlasm_scheme => "aix64", + shared_cflag => "-fpic", + shared_ldflag => add("-shared"), + shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)", + AR => add("-X64"), + RANLIB => add("-X64"), + }, "aix64-cc-solib" => { inherit_from => [ "aix64-cc" ], shared_target => "aix-solib", @@ -2055,6 +2098,7 @@ my %targets = ( cflag_incfirst => '/FIRST_INCLUDE=', lib_defines => add("OPENSSL_USE_NODELETE", + "_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED=1", sub { return vms_info()->{def_zlib} ? "LIBZ=\"\"\"".vms_info()->{def_zlib}."\"\"\"" : (); diff --git a/Configurations/15-ios.conf b/Configurations/15-ios.conf index 478f30f47e..6f33df381f 100644 
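Review bot: The new `linux-arm64ilp32-clang` target in the `@@ -777,7 +777,14 @@` hunk replaces the blank separator line between the preceding aarch64 entry and `"linux-mips32"`, so the new block now runs straight into the next one; keep a blank line after its closing `},`. Its body repeats `inherit_from`, `bn_ops`, `asm_arch` and `perlasm_scheme` rather than deriving from the existing gcc ILP32 target — if `linux-arm64ilp32` carries the same values, `inherit_from => [ "linux-arm64ilp32" ]` with only `CC`/`CXX` overridden would avoid the copy (confirm that target's settings first).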
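Review bot: `aix-clang` and `aix64-clang` in the `@@ -1407,6 +1414,25 @@` and `@@ -1438,6 +1464,23 @@` hunks add `-Wno-implicit-function-declaration` to `cflags` without saying why; implicit declarations are a real bug class (implicit `int` return truncates 64-bit pointers), so record the reason, e.g. `# ibm-clang errors on implicit declarations, which breaks Configure's feature probes -- confirm`, or narrow it to the probes if that is the cause. The `# If 17.1 openxl runtime is available, -latomic can be used instead of -DBROKEN_CLANG_ATOMICS` comment explains the 32-bit entry, but `aix64-clang` silently omits the define; a word on why 64-bit does not need it would help. The two entries also share identical `CC`, `CFLAGS`, `ex_libs`, `shared_cflag` and `shared_ldflag` lines; a small `aix-clang-common` template inherited by both, in the style of the existing `aix-common`, would keep them from drifting.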
--- a/Configurations/15-ios.conf +++ b/Configurations/15-ios.conf @@ -11,7 +11,7 @@ my %targets = ( template => 1, inherit_from => [ "darwin-common" ], sys_id => "iOS", - disable => [ "shared", "async" ], + disable => [ "async" ], }, "ios-xcrun" => { inherit_from => [ "ios-common" ], diff --git a/Configurations/50-win-clang-cl.conf b/Configurations/50-win-clang-cl.conf index cfc96ef159..baead2cdbe 100644 --- a/Configurations/50-win-clang-cl.conf +++ b/Configurations/50-win-clang-cl.conf @@ -11,7 +11,7 @@ my %targets = ( multilib => "-arm64", asm_arch => "aarch64", AS => "clang-cl.exe", - ASFLAGS => "/nologo /Zi", + ASFLAGS => "/nologo /Zi --target=arm64-pc-windows-msvc", asflags => "/c", asoutflag => "/Fo", perlasm_scheme => "win64", @@ -25,8 +25,9 @@ my %targets = ( bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", multilib => "-arm64", asm_arch => "aarch64", + CFLAGS => add("--target=arm64-pc-windows-msvc"), AS => "clang-cl.exe", - ASFLAGS => "/nologo /Zi", + ASFLAGS => "/nologo /Zi --target=arm64-pc-windows-msvc", asflags => "/c", asoutflag => "/Fo", perlasm_scheme => "win64", diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 94eb7e2810..db6a1b1799 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -239,7 +239,7 @@ # from these directories. push @{$unified_info{includes_extra}->{$obj}}, qw(./quic); } - foreach (grep /\[\.ssl\.(?:quic|record|statem)\].*?\.o$/, keys %{$unified_info{sources}}) { + foreach (grep /\[\.ssl\.(?:quic|record|statem|rio)\].*?\.o$/, keys %{$unified_info{sources}}) { my $obj = platform->obj($_); # Most of the files in [.ssl.record] and [.ssl.statem] include # "../ssl_local.h", which includes things like "record/record.h". diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 4c24cae7ab..8c08096307 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
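Review bot: In both `50-win-clang-cl.conf` hunks the mandatory `--target=arm64-pc-windows-msvc` is placed in the user-overridable `ASFLAGS` (and, in the second target, `CFLAGS`), so a user who sets `ASFLAGS` or `CFLAGS` at configure time silently loses the target triple and the tool falls back to the host default; flags a target cannot build without belong in the lowercase `asflags`/`cflags` entries, e.g. `asflags => "/c --target=arm64-pc-windows-msvc"` and `cflags => add("--target=arm64-pc-windows-msvc")`. The `@@ -11,7 +11,7 @@` hunk only touches `ASFLAGS` while the `@@ -25,8 +25,9 @@` hunk also adds `CFLAGS`; if the first target deliberately relies on the host default for C compilation, that asymmetry deserves a comment. Both target definitions continue outside the hunks.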
@@ -1740,7 +1740,7 @@ EOF } elsif ($makedep_scheme eq 'gcc' && !grep /\.rc$/, @srcs) { $recipe .= <<"EOF"; $obj: $deps - $cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -MT \$\@ -c -o \$\@ $srcs + $cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -c -o \$\@ $srcs \@touch $dep.tmp \@if cmp $dep.tmp $dep > /dev/null 2> /dev/null; then \\ rm -f $dep.tmp; \\ diff --git a/Configure b/Configure index cac277f45c..238152b290 100755 --- a/Configure +++ b/Configure @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -167,7 +167,6 @@ my @gcc_devteam_warn = qw( -Wshadow -Wformat -Wno-type-limits - -Wno-tautological-constant-out-of-range-compare -Wundef -Werror -Wmissing-prototypes @@ -184,11 +183,11 @@ my @gcc_devteam_warn = qw( # -Wextended-offsetof -- no, needed in CMS ASN1 code my @clang_devteam_warn = qw( -Wno-unknown-warning-option - -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wno-missing-braces + -Wno-tautological-constant-out-of-range-compare -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations @@ -1658,7 +1657,7 @@ if (!$disabled{makedepend}) { disable('unavailable', 'makedepend') unless $config{makedep_scheme}; } -if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') { +if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS' && !$predefined_C{_AIX}) { # probe for -Wa,--noexecstack option... if ($predefined_C{__clang__}) { # clang has builtin assembler, which doesn't recognize --help, 
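Review bot: In the `@@ -1658,7 +1657,7 @@` hunk of `Configure`, the `--noexecstack` probe is now skipped for `_AIX` by a fourth term in an already long condition, with nothing recording why AIX is excluded; a comment such as `# The AIX assembler does not accept -Wa,--noexecstack -- confirm` above the `if` would save the next reader the archaeology. The `@@ -184,11 +183,11 @@` hunk also drops `-Wswitch-default` from `@clang_devteam_warn` without a note; if the commit message does not explain it, a comment naming what made it noisy would help. The rest of the probe continues outside the hunk.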
@@ -3507,6 +3506,13 @@ sub absolutedir { return rel2abs($dir); } + # realpath() on Windows seems to check if the directory actually exists, + # which isn't what is wanted here. All we want to know is if a directory + # spec is absolute, not if it exists. + if ($^O eq "MSWin32") { + return rel2abs($dir); + } + # We use realpath() on Unix, since no other will properly clean out # a directory spec. use Cwd qw/realpath/; diff --git a/INSTALL.md b/INSTALL.md index a37fd24dba..50a8baac46 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -530,7 +530,7 @@ Setting the FIPS HMAC key As part of its self-test validation, the FIPS module must verify itself by performing a SHA-256 HMAC computation on itself. The default key is -the SHA256 value of "the holy handgrenade of antioch" and is sufficient +the SHA256 value of "holy hand grenade of antioch" and is sufficient for meeting the FIPS requirements. To change the key to a different value, use this flag. The value should @@ -1291,7 +1291,7 @@ Configure OpenSSL ### Automatic Configuration In previous version, the `config` script determined the platform type and -compiler and then called `Configure`. Starting with this release, they are +compiler and then called `Configure`. Starting with version 3.0, they are the same. #### Unix / Linux / macOS @@ -1746,7 +1746,7 @@ More about our support resources can be found in the [SUPPORT] file. ### Configuration Errors -If the `./Configure` or `./Configure` command fails with an error message, +If the `./config` or `./Configure` command fails with an error message, read the error message carefully and try to figure out whether you made a mistake (e.g., by providing a wrong option), or whether the script is working incorrectly. If you think you encountered a bug, please diff --git a/NEWS.md b/NEWS.md index 2521e996b5..7d0a7e0700 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -21,15 +21,184 @@ OpenSSL Releases OpenSSL 3.3 ----------- -### Major changes between OpenSSL 3.2 and OpenSSL 3.3 [under development] +### Major changes between OpenSSL 3.3.3 and OpenSSL 3.3.4 [under development] + + * none + +### Major changes between OpenSSL 3.3.2 and OpenSSL 3.3.3 [11 Feb 2025] + +OpenSSL 3.3.3 is a security patch release. The most severe CVE fixed in this +release is High. + +This release incorporates the following bug fixes and mitigations: + + * Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. + ([CVE-2024-12797]) + + * Fixed timing side-channel in ECDSA signature computation. + ([CVE-2024-13176]) + + * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic + curve parameters. + ([CVE-2024-9143]) + +### Major changes between OpenSSL 3.3.1 and OpenSSL 3.3.2 [3 Sep 2024] + +OpenSSL 3.3.2 is a security patch release. The most severe CVE fixed in this +release is Moderate. + +This release incorporates the following bug fixes and mitigations: + + * Fixed possible denial of service in X.509 name checks + ([CVE-2024-6119]) + + * Fixed possible buffer overread in SSL_select_next_proto() + ([CVE-2024-5535]) + +### Major changes between OpenSSL 3.3.0 and OpenSSL 3.3.1 [4 Jun 2024] + +OpenSSL 3.3.1 is a security patch release. The most severe CVE fixed in this +release is Low. + +This release incorporates the following bug fixes and mitigations: + + * Fixed potential use after free after SSL_free_buffers() is called + ([CVE-2024-4741]) + + * Fixed an issue where checking excessively long DSA keys or parameters may + be very slow + ([CVE-2024-4603]) + +### Major changes between OpenSSL 3.2 and OpenSSL 3.3.0 [9 Apr 2024] + +OpenSSL 3.3.0 is a feature release adding significant new functionality to +OpenSSL. 
+ +This release adds the following new features: + + * Support for qlog for tracing QUIC connections has been added + + * Added APIs to allow configuring the negotiated idle timeout for QUIC + connections, and to allow determining the number of additional streams + that can currently be created for a QUIC connection. + + * Added APIs to allow disabling implicit QUIC event processing for QUIC SSL + objects + + * Added APIs to allow querying the size and utilisation of a QUIC stream's + write buffer + + * New API `SSL_write_ex2`, which can be used to send an end-of-stream (FIN) + condition in an optimised way when using QUIC. + + * Limited support for polling of QUIC connection and stream objects in a + non-blocking manner. + + * Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple + times with different output sizes. * Added exporter for CMake on Unix and Windows, alongside the pkg-config exporter. + * The BLAKE2s hash algorithm matches BLAKE2b's support for configurable + output length. + + * The EVP_PKEY_fromdata function has been augmented to allow for the + derivation of CRT (Chinese Remainder Theorem) parameters when requested + + * Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex() + using time_t which is Y2038 safe on 32 bit systems when 64 bit time + is enabled + + * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms + config options and the respective calls to SSL[_CTX]_set1_sigalgs() and + SSL[_CTX]_set1_client_sigalgs() that start with `?` character are + ignored and the configuration will still be used. + + * Added `-set_issuer` and `-set_subject` options to `openssl x509` to + override the Issuer and Subject when creating a certificate. The `-subj` + option now is an alias for `-set_subject`. 
+ + * Added several new features of CMPv3 defined in RFC 9480 and RFC 9483 + + * New option `SSL_OP_PREFER_NO_DHE_KEX`, which allows configuring a TLS1.3 + server to prefer session resumption using PSK-only key exchange over PSK + with DHE, if both are available. + + * New atexit configuration switch, which controls whether the OPENSSL_cleanup + is registered when libcrypto is unloaded. + + * Added X509_STORE_get1_objects to avoid issues with the existing + X509_STORE_get0_objects API in multi-threaded applications. + +This release incorporates the following potentially significant or incompatible +changes: + + * Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100 + + * Optimized AES-CTR for ARM Neoverse V1 and V2 + + * Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems + similar to M1/M2. + + * Various optimizations for cryptographic routines using RISC-V vector crypto + extensions + + * Added assembly implementation for md5 on loongarch64 + + * Accept longer context for TLS 1.2 exporters + + * The activate and soft_load configuration settings for providers in + openssl.cnf have been updated to require a value of [1|yes|true|on] + (in lower or UPPER case) to enable the setting. Conversely a value + of [0|no|false|off] will disable the setting. + + * In `openssl speed`, changed the default hash function used with `hmac` from + `md5` to `sha256`. + + * The `-verify` option to the `openssl crl` and `openssl req` will make the + program exit with 1 on failure. + + * The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), and + related functions have been augmented to check for a minimum length of + the input string, in accordance with ITU-T X.690 section 11.7 and 11.8. + + * OPENSSL_sk_push() and sk__push() functions now return 0 instead of -1 + if called with a NULL stack argument. + + * New limit on HTTP response headers is introduced to HTTP client. The + default limit is set to 256 header lines. 
+ +This release incorporates the following bug fixes and mitigations: + + * The BIO_get_new_index() function can only be called 127 times before it + reaches its upper bound of BIO_TYPE_MASK and will now return -1 once its + exhausted. + +A more detailed list of changes in this release can be found in the +[CHANGES.md] file. + +Users interested in using the new QUIC functionality are encouraged to read the +[README file for QUIC][README-QUIC.md], which provides links to relevant +documentation and example code. + +As always, bug reports and issues relating to OpenSSL can be [filed on our issue +tracker][issue tracker]. + OpenSSL 3.2 ----------- -### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [under development] +### Major changes between OpenSSL 3.2.1 and OpenSSL 3.2.2 [under development] + +OpenSSL 3.2.2 is a security patch release. The most severe CVE fixed in this +release is Low. + +This release incorporates the following bug fixes and mitigations: + + * Fixed unbounded memory growth with session handling in TLSv1.3 + ([CVE-2024-2511]) + +### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [30 Jan 2024] OpenSSL 3.2.1 is a security patch release. The most severe CVE fixed in this release is Low. @@ -38,8 +207,10 @@ This release incorporates the following bug fixes and mitigations: * Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) + * Fixed excessive time spent checking invalid RSA public keys ([CVE-2023-6237]) + * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129]) 
@@ -1592,6 +1763,13 @@ OpenSSL 0.9.x +[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 +[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 +[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 +[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 +[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 +[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 +[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 diff --git a/NOTES-NONSTOP.md b/NOTES-NONSTOP.md index 6cf12042d5..70337363aa 100644 --- a/NOTES-NONSTOP.md +++ b/NOTES-NONSTOP.md @@ -19,9 +19,7 @@ About c99 compiler The c99 compiler is required for building OpenSSL from source. While c11 may work, it has not been broadly tested. c99 is the only compiler -prerequisite needed to build OpenSSL 3.0 on this platform. You should also -have the FLOSS package installed on your system. The ITUGLIB FLOSS package -is the only FLOSS variant that has been broadly tested. +prerequisite needed to build OpenSSL 3.0 on this platform. Threading Models ---------------- @@ -37,6 +35,9 @@ for each on the TNS/X (L-Series) platform: The SPT threading model is no longer supported as of OpenSSL 3.2. +The PUT model is incompatible with the QUIC capability. This capability should +be disabled when building with PUT. + ### TNS/E Considerations The TNS/E platform is build using the same set of builds specifying `nse` 
@@ -123,12 +124,9 @@ correctly, you also need the `COMP_ROOT` set, as in: `COMP_ROOT` needs to be in Windows form. -`Configure` must specify the `no-makedepend` option otherwise errors will -result when running the build because the c99 cross-compiler does not support -the `gcc -MT` option. An example of a `Configure` command to be run from the -OpenSSL directory is: +An example of a `Configure` command to be run from the OpenSSL directory is: - ./Configure nonstop-nsx_64 no-makedepend --with-rand-seed=rdcpu + ./Configure nonstop-nsx_64 --with-rand-seed=rdcpu Do not forget to include any OpenSSL cross-compiling prefix and certificate options when creating your libraries. diff --git a/README.md b/README.md index c3dac35096..24f8fce6d0 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ For Production Use ------------------ Source code tarballs of the official releases can be downloaded from -[www.openssl.org/source](https://www.openssl.org/source). +[openssl-library.org/source/](https://openssl-library.org/source/). The OpenSSL project does not distribute the toolkit in binary form. However, for a large variety of operating systems precompiled versions 
@@ -84,22 +84,18 @@ the source tarballs, having a local copy of the git repository with the entire project history gives you much more insight into the code base. -The official OpenSSL Git Repository is located at [git.openssl.org]. -There is a GitHub mirror of the repository at [github.com/openssl/openssl], +The main OpenSSL Git repository is private. +There is a public GitHub mirror of it at [github.com/openssl/openssl], which is updated automatically from the former on every commit. -A local copy of the Git Repository can be obtained by cloning it from -the original OpenSSL repository using - - git clone git://git.openssl.org/openssl.git - -or from the GitHub mirror using +A local copy of the Git repository can be obtained by cloning it from +the GitHub mirror using git clone https://github.com/openssl/openssl.git If you intend to contribute to OpenSSL, either to fix bugs or contribute -new features, you need to fork the OpenSSL repository openssl/openssl on -GitHub and clone your public fork instead. +new features, you need to fork the GitHub mirror and clone your public fork +instead. git clone https://github.com/yourname/openssl.git @@ -159,7 +155,7 @@ available online. Demos ----- -The are numerous source code demos for using various OpenSSL capabilities in the +There are numerous source code demos for using various OpenSSL capabilities in the [demos subfolder](./demos). Wiki @@ -199,7 +195,7 @@ attempting to develop or distribute cryptographic code. Copyright ========= -Copyright (c) 1998-2023 The OpenSSL Project Authors +Copyright (c) 1998-2025 The OpenSSL Project Authors Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -211,14 +207,6 @@ All rights reserved. "OpenSSL Homepage" -[git.openssl.org]: - - "OpenSSL Git Repository" - -[git.openssl.org]: - - "OpenSSL Git Repository" - [github.com/openssl/openssl]: "OpenSSL GitHub Mirror" diff --git a/VERSION.dat b/VERSION.dat index 5d5f74c114..c90cf72624 100644 --- a/VERSION.dat +++ b/VERSION.dat 
@@ -1,6 +1,6 @@ MAJOR=3 MINOR=3 -PATCH=0 +PATCH=4 PRE_RELEASE_TAG=dev BUILD_METADATA= RELEASE_DATE="" diff --git a/apps/asn1parse.c b/apps/asn1parse.c index bf62f85947..a24ae8edf4 100644 --- a/apps/asn1parse.c +++ b/apps/asn1parse.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv) dump = strtol(opt_arg(), NULL, 0); break; case OPT_STRPARSE: - sk_OPENSSL_STRING_push(osk, opt_arg()); + if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0) + goto end; break; case OPT_GENSTR: genstr = opt_arg(); diff --git a/apps/cmp.c b/apps/cmp.c index a280cea720..10a477dace 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
@@ -3435,13 +3435,28 @@ int cmp_main(int argc, char **argv) opt_extracertsout, "extra") < 0) goto err; if (newcert != NULL && (opt_cmd == CMP_IR || opt_cmd == CMP_CR - || opt_cmd == CMP_KUR || opt_cmd == CMP_P10CR)) - if (!save_cert_or_delete(newcert, opt_certout, "newly enrolled") - || save_free_certs(OSSL_CMP_CTX_get1_newChain(cmp_ctx), - opt_chainout, "chain") < 0 - || save_free_certs(OSSL_CMP_CTX_get1_caPubs(cmp_ctx), - opt_cacertsout, "CA") < 0) + || opt_cmd == CMP_KUR || opt_cmd == CMP_P10CR)) { + STACK_OF(X509) *newchain = OSSL_CMP_CTX_get1_newChain(cmp_ctx); + + if (newcert != NULL && newchain != NULL /* NULL is on error only */ + && opt_certout != NULL && opt_chainout != NULL + && strcmp(opt_certout, opt_chainout) == 0) { + if (!X509_add_cert(newchain, newcert, X509_ADD_FLAG_PREPEND + | X509_ADD_FLAG_UP_REF)) { + sk_X509_pop_free(newchain, X509_free); + goto err; + } + if (!save_free_certs(newchain, opt_chainout, "newly enrolled cert and chain")) + goto err; + } else { + if (save_free_certs(newchain, opt_chainout, "chain") < 0 + || !save_cert_or_delete(newcert, opt_certout, "newly enrolled")) + goto err; + } + if (save_free_certs(OSSL_CMP_CTX_get1_caPubs(cmp_ctx), + opt_cacertsout, "CA") < 0) goto err; + } if (!OSSL_CMP_CTX_reinit(cmp_ctx)) goto err; } diff --git a/apps/cms.c b/apps/cms.c index f93c98ac92..2b8eea16c9 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
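Review bot: In the combined-output branch the result of `save_free_certs(newchain, opt_chainout, "newly enrolled cert and chain")` is tested with `!`, while the two other `save_free_certs()` calls in the same hunk test `< 0`; if the function signals failure with a negative count, as those checks imply, a failed write of the combined file is not caught and the command goes on to `OSSL_CMP_CTX_reinit()` and reports success. Use the same convention: `if (save_free_certs(newchain, opt_chainout, "newly enrolled cert and chain") < 0) goto err;`. The inner `newcert != NULL &&` is already guaranteed by the enclosing `if` and can go. The `/* NULL is on error only */` remark also leaves the `else` branch passing a NULL `newchain` into `save_free_certs()` without reporting that error here; confirm it is surfaced there. cmp_main() starts and ends outside the hunk.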
@@ -133,7 +133,7 @@ const OPTIONS cms_options[] = { {"binary", OPT_BINARY, '-', "Treat input as binary: do not translate to canonical form"}, {"crlfeol", OPT_CRLFEOL, '-', - "Use CRLF as EOL termination instead of CR only" }, + "Use CRLF as EOL termination instead of LF only" }, {"asciicrlf", OPT_ASCIICRLF, '-', "Perform CRLF canonicalisation when signing"}, @@ -502,13 +502,15 @@ int cms_main(int argc, char **argv) if (rr_from == NULL && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(rr_from, opt_arg()); + if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0) + goto end; break; case OPT_RR_TO: if (rr_to == NULL && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(rr_to, opt_arg()); + if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0) + goto end; break; case OPT_PRINT: noout = print = 1; @@ -585,13 +587,15 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (keyfile == NULL) keyfile = signerfile; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; keyfile = NULL; } signerfile = opt_arg(); @@ -609,12 +613,14 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; signerfile = NULL; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } keyfile = opt_arg(); break; 
@@ -668,7 +674,8 @@ int cms_main(int argc, char **argv) key_param->next = nparam; key_param = nparam; } - sk_OPENSSL_STRING_push(key_param->param, opt_arg()); + if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0) + goto end; break; case OPT_V_CASES: if (!opt_verify(o, vpm)) @@ -755,12 +762,14 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; if (keyfile == NULL) keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } if (sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); @@ -1001,7 +1010,7 @@ int cms_main(int argc, char **argv) goto end; pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (kparam != NULL) { + if (pctx != NULL && kparam != NULL) { if (!cms_set_pkey_param(pctx, kparam->param)) goto end; } @@ -1042,8 +1051,15 @@ int cms_main(int argc, char **argv) pwri_tmp = NULL; } if (!(flags & CMS_STREAM)) { - if (!CMS_final(cms, in, NULL, flags)) + if (!CMS_final(cms, in, NULL, flags)) { + if (originator != NULL + && ERR_GET_REASON(ERR_peek_error()) + == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) { + BIO_printf(bio_err, "Cannot use originator for encryption\n"); + goto end; + } goto end; + } } } else if (operation == SMIME_ENCRYPTED_ENCRYPT) { cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key, @@ -1294,6 +1310,7 @@ int cms_main(int argc, char **argv) X509_free(cert); X509_free(recip); X509_free(signer); + X509_free(originator); EVP_PKEY_free(key); EVP_CIPHER_free(cipher); EVP_CIPHER_free(wrap_cipher); diff --git a/apps/crl.c b/apps/crl.c index 09aec81cf7..afb59178fd 100644 --- a/apps/crl.c +++ b/apps/crl.c 
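Review bot: With the new `pctx != NULL` condition, a recipient whose RecipientInfo has no EVP_PKEY_CTX now silently drops every `-keyopt` the user attached to it, where the old code at least handed the NULL context to cms_set_pkey_param(); a mistyped or misplaced key option therefore has no visible effect. If that is the intended contract, say so in a comment; otherwise report it, e.g. `} else if (kparam != NULL) { BIO_printf(bio_err, "Key options are not supported for this recipient\n"); goto end; }`. The recipient loop this sits in continues outside the hunk.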
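Review bot: The added diagnostic after `CMS_final()` compares only `ERR_GET_REASON(ERR_peek_error())` against `CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT`; reason codes are only unique within a library, and `ERR_peek_error()` returns the oldest queued entry rather than the one `CMS_final()` just raised, so the message can fire on an unrelated error that happens to share the numeric reason and miss the real one when something earlier is still on the queue. Check the library and look at the most recent entry: `unsigned long e = ERR_peek_last_error();` followed by `if (originator != NULL && ERR_GET_LIB(e) == ERR_LIB_CMS && ERR_GET_REASON(e) == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT)`. The `goto end` inside the inner `if` duplicates the one immediately after it, so only the `BIO_printf()` needs to be conditional. cms_main()'s body continues outside the hunk.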
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -248,9 +248,10 @@ int crl_main(int argc, char **argv) EVP_PKEY_free(pkey); if (i < 0) goto end; - if (i == 0) + if (i == 0) { BIO_printf(bio_err, "verify failure\n"); - else + goto end; + } else BIO_printf(bio_err, "verify OK\n"); } diff --git a/apps/dgst.c b/apps/dgst.c index 28123f813f..2511a2ffc1 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -479,7 +479,7 @@ int dgst_main(int argc, char **argv) static void show_digests(const OBJ_NAME *name, void *arg) { struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg; - const EVP_MD *md = NULL; + EVP_MD *md = NULL; /* Filter out signed digests (a.k.a signature algorithms) */ if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL) @@ -491,8 +491,7 @@ static void show_digests(const OBJ_NAME *name, void *arg) /* Filter out message digests that we cannot use */ md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq()); if (md == NULL) { - md = EVP_get_digestbyname(name->name); - if (md == NULL) + if (EVP_get_digestbyname(name->name) == NULL) return; } @@ -503,6 +502,8 @@ static void show_digests(const OBJ_NAME *name, void *arg) } else { BIO_printf(dec->bio, " "); } + + EVP_MD_free(md); } /* diff --git a/apps/enc.c b/apps/enc.c index 5b53929c55..e7421ad896 100644 --- a/apps/enc.c +++ b/apps/enc.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/engine.c b/apps/engine.c index 67f23c7e00..c1943bf3ab 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -352,10 +352,12 @@ int engine_main(int argc, char **argv) test_avail++; break; case OPT_PRE: - sk_OPENSSL_STRING_push(pre_cmds, opt_arg()); + if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0) + goto end; break; case OPT_POST: - sk_OPENSSL_STRING_push(post_cmds, opt_arg()); + if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0) + goto end; break; } } diff --git a/apps/genpkey.c b/apps/genpkey.c index 341d2cd6fc..9a4cf622ce 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 47d994b9c2..1c7baf6940 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -189,7 +189,11 @@ int set_nameopt(const char *arg) unsigned long get_nameopt(void) { return - nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT; + nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN + | ASN1_STRFLGS_ESC_CTRL + | ASN1_STRFLGS_UTF8_CONVERT + | ASN1_STRFLGS_DUMP_UNKNOWN + | ASN1_STRFLGS_DUMP_DER; } void dump_cert_text(BIO *out, X509 *x) @@ -2952,11 +2956,6 @@ int raw_read_stdin(void *buf, int siz) return recv(fileno_stdin(), buf, siz, 0); } #else -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif int raw_read_stdin(void *buf, int siz) { return read(fileno_stdin(), buf, siz); @@ -2975,21 +2974,11 @@ int raw_write_stdout(const void *buf, int siz) } #elif defined(OPENSSL_SYS_TANDEM) && defined(OPENSSL_THREADS) \ && defined(_SPT_MODEL_) -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif int raw_write_stdout(const void *buf, int siz) { return write(fileno(stdout), (void *)buf, siz); } #else -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif int raw_write_stdout(const void *buf, int siz) { return write(fileno_stdout(), buf, siz); diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c index 5fed3a9fd0..21fe404aa9 100644 --- a/apps/lib/cmp_mock_srv.c +++ b/apps/lib/cmp_mock_srv.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use 
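Review bot: The new default flag set in get_nameopt() changes what every app prints for a name, yet carries no comment on why `ASN1_STRFLGS_ESC_CTRL`, `ASN1_STRFLGS_DUMP_UNKNOWN` and `ASN1_STRFLGS_DUMP_DER` were added; the reader has to infer that the point is to keep control characters and arbitrary encodings from a certificate's subject or issuer from reaching the terminal unescaped. A short comment above the `return` would record that, e.g. `/* Escape control characters and dump unknown/odd encodings so untrusted DN content cannot inject raw bytes into the output */`. `XN_FLAG_FN_SN` additionally switches the printed field names to short names, which is a visible output change for scripts parsing `-subject`/`-issuer` text and deserves a mention in CHANGES.md if it is not there already.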
@@ -401,9 +401,22 @@ static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid, rsp = OSSL_CMP_ITAV_new_caCerts(ctx->caPubsOut); break; case NID_id_it_rootCaCert: - rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew, - ctx->newWithOld, - ctx->oldWithNew); + { + X509 *rootcacert = NULL; + + if (!OSSL_CMP_ITAV_get0_rootCaCert(req, &rootcacert)) + return NULL; + + if (rootcacert != NULL + && X509_NAME_cmp(X509_get_subject_name(rootcacert), + X509_get_subject_name(ctx->newWithNew)) != 0) + /* The subjects do not match */ + rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(NULL, NULL, NULL); + else + rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew, + ctx->newWithOld, + ctx->oldWithNew); + } break; default: rsp = OSSL_CMP_ITAV_dup(req); diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index bca2e7110d..0db0de2aa7 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,12 +26,6 @@ #include "s_apps.h" #include "log.h" -#if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -#endif - #define HTTP_PREFIX "HTTP/" #define HTTP_VERSION_PATT "1." /* allow 1.x */ #define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT @@ -200,7 +194,7 @@ BIO *http_server_init(const char *prog, const char *port, int verb) int port_num; char name[40]; - snprintf(name, sizeof(name), "*:%s", port); /* port may be "0" */ + BIO_snprintf(name, sizeof(name), "*:%s", port); /* port may be "0" */ if (verb >= 0 && !log_set_verbosity(prog, verb)) return NULL; bufbio = BIO_new(BIO_f_buffer()); 
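Review bot: `X509_get_subject_name(ctx->newWithNew)` is evaluated whenever the request carries a rootCaCert, but `ctx->newWithNew` is never checked for NULL first; the old code passed the three fields straight through to `OSSL_CMP_ITAV_new_rootCaKeyUpdate()`, which suggests the mock server can run without a newWithNew certificate, and as far as I can tell X509_get_subject_name() does not tolerate a NULL certificate. Treat an unset newWithNew like a subject mismatch: `if (rootcacert != NULL && (ctx->newWithNew == NULL || X509_NAME_cmp(X509_get_subject_name(rootcacert), X509_get_subject_name(ctx->newWithNew)) != 0))`. Comparing subjects only, rather than `X509_cmp()`, looks deliberate for a root that keeps its name across a key update, but a comment saying so would save the next reader the question. process_genm_itav() starts and ends outside the hunk.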
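Review bot: The switch to `BIO_snprintf()` for the 40-byte `name` buffer still ignores the call's result, so a `port` argument longer than the buffer is silently truncated and the truncated `*:...` string is handed to `BIO_set_accept_name()` further down. Check it: `if (BIO_snprintf(name, sizeof(name), "*:%s", port) < 0) return NULL;`, or size the buffer from `strlen(port)`. http_server_init() continues outside the hunk.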
@@ -208,8 +202,9 @@ BIO *http_server_init(const char *prog, const char *port, int verb) goto err; acbio = BIO_new(BIO_s_accept()); if (acbio == NULL - || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0 - || BIO_set_accept_name(acbio, name) < 0) { + || BIO_set_accept_ip_family(acbio, BIO_FAMILY_IPANY) <= 0 /* IPv4/6 */ + || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) <= 0 + || BIO_set_accept_name(acbio, name) <= 0) { log_HTTP(prog, LOG_ERR, "error setting up accept BIO"); goto err; } diff --git a/apps/lib/opt.c b/apps/lib/opt.c index 0490c39c25..0018c268c0 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -646,7 +646,7 @@ int opt_uintmax(const char *value, ossl_uintmax_t *result) opt_number_error(value); return 0; } - *result = (ossl_intmax_t)m; + *result = (ossl_uintmax_t)m; errno = oerrno; return 1; } diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 7a719b9b0c..e94c5d6121 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -243,10 +243,10 @@ static const char *get_sigtype(int nid) return "ECDSA"; case NID_ED25519: - return "Ed25519"; + return "ed25519"; case NID_ED448: - return "Ed448"; + return "ed448"; case NID_id_GostR3410_2001: return "gost2001"; 
@@ -292,6 +292,26 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared) SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); if (i) BIO_puts(out, ":"); + switch (rsign | rhash << 8) { + case 0x0809: + BIO_puts(out, "rsa_pss_pss_sha256"); + continue; + case 0x080a: + BIO_puts(out, "rsa_pss_pss_sha384"); + continue; + case 0x080b: + BIO_puts(out, "rsa_pss_pss_sha512"); + continue; + case 0x081a: + BIO_puts(out, "ecdsa_brainpoolP256r1_sha256"); + continue; + case 0x081b: + BIO_puts(out, "ecdsa_brainpoolP384r1_sha384"); + continue; + case 0x081c: + BIO_puts(out, "ecdsa_brainpoolP512r1_sha512"); + continue; + } sstr = get_sigtype(sign_nid); if (sstr) BIO_printf(out, "%s", sstr); @@ -704,7 +724,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, (void)BIO_flush(bio); } -static STRINT_PAIR tlsext_types[] = { +static const STRINT_PAIR tlsext_types[] = { {"server name", TLSEXT_TYPE_server_name}, {"max fragment length", TLSEXT_TYPE_max_fragment_length}, {"client certificate URL", TLSEXT_TYPE_client_certificate_url}, @@ -746,6 +766,7 @@ static STRINT_PAIR tlsext_types[] = { {"psk kex modes", TLSEXT_TYPE_psk_kex_modes}, {"certificate authorities", TLSEXT_TYPE_certificate_authorities}, {"post handshake auth", TLSEXT_TYPE_post_handshake_auth}, + {"early_data", TLSEXT_TYPE_early_data}, {NULL} }; diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index ace51686ad..a1935bcce2 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
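Review bot: The six case labels in do_print_sigalgs() are bare code points with no comment saying what `0x0809` or `0x081a` denote or why these schemes bypass the `get_sigtype()`/hash path that follows the switch. A comment above it would make the table maintainable, e.g. `/* TLS 1.3 SignatureScheme code points (RFC 8446 sect. 4.2.3, RFC 8734) whose sig/hash pair apparently has no separate NIDs to print */`. The selector `rsign | rhash << 8` relies on `<<` binding tighter than `|`; `(rhash << 8) | rsign` reads as the two-byte code point it is meant to be. The loop this sits in starts outside the hunk.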
@@ -41,12 +41,6 @@ typedef unsigned int u_int; # include "s_apps.h" # include "internal/sockets.h" -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif - # include # include @@ -90,9 +84,6 @@ int init_client(int *sock, const char *host, const char *port, int ret; int options = 0; - if (tfo && ba_ret != NULL) - *ba_ret = NULL; - if (BIO_sock_init() != 1) return 0; @@ -419,6 +410,12 @@ int do_server(int *accept_sock, const char *host, const char *port, BIO_closesocket(asock); break; } + + if (naccept != -1) + naccept--; + if (naccept == 0) + BIO_closesocket(asock); + BIO_set_tcp_ndelay(sock, 1); i = (*cb)(sock, type, protocol, context); @@ -449,11 +446,12 @@ int do_server(int *accept_sock, const char *host, const char *port, BIO_closesocket(sock); } else { + if (naccept != -1) + naccept--; + i = (*cb)(asock, type, protocol, context); } - if (naccept != -1) - naccept--; if (i < 0 || naccept == 0) { BIO_closesocket(asock); ret = i; diff --git a/apps/lib/vms_term_sock.c b/apps/lib/vms_term_sock.c index 86f50c3d9a..219a978966 100644 --- a/apps/lib/vms_term_sock.c +++ b/apps/lib/vms_term_sock.c @@ -353,7 +353,7 @@ static int CreateSocketPair (int SocketFamily, /* ** Get the binary (64-bit) time of the specified timeout value */ - sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE); + BIO_snprintf(AscTimeBuff, sizeof(AscTimeBuff), "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE); AscTimeDesc.dsc$w_length = strlen (AscTimeBuff); AscTimeDesc.dsc$a_pointer = AscTimeBuff; status = sys$bintim (&AscTimeDesc, BinTimeBuff); 
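Review bot: In the `SOCK_STREAM` path the listening socket is now closed as soon as `naccept` reaches 0, before the callback runs, yet the check after the callback, `if (i < 0 || naccept == 0) { BIO_closesocket(asock); ...`, is unchanged and closes `asock` a second time on that same iteration; unless code outside the hunk resets `asock`, this is a double close, and any descriptor the callback opened and left open meanwhile can have reused the number and be closed underneath it. Guard the second close, e.g. `if (type != SOCK_STREAM || naccept != 0) BIO_closesocket(asock);`, or set `asock = INVALID_SOCKET` right after the early close and skip the later one when it is invalid. The removal of `*ba_ret = NULL` in init_client() is presumably matched by an initialisation in the callers, but that cannot be confirmed from here. do_server()'s loop starts and ends outside the hunk.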
@@ -567,10 +567,10 @@ static void LogMessage (char *msg, ...) /* ** Format the message buffer */ - sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n", - LocTime->tm_mday, Month[LocTime->tm_mon], - (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min, - LocTime->tm_sec, pid, msg); + BIO_snprintf(MsgBuff, sizeof(MsgBuff), "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n", + LocTime->tm_mday, Month[LocTime->tm_mon], + (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min, + LocTime->tm_sec, pid, msg); /* ** Get any variable arguments and add them to the print of the message diff --git a/apps/list.c b/apps/list.c index adcf6803b4..433d9a2f00 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1230,6 +1230,7 @@ static void list_provider_info(void) } if (OSSL_PROVIDER_do_all(NULL, &collect_providers, providers) != 1) { + sk_OSSL_PROVIDER_free(providers); BIO_printf(bio_err, "ERROR: Memory allocation\n"); return; } diff --git a/apps/ocsp.c b/apps/ocsp.c index 17313520cf..11af0a3a6f 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -33,12 +33,6 @@ #include #include -#if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -#endif - #if defined(OPENSSL_SYS_VXWORKS) /* not supported */ int setpgid(pid_t pid, pid_t pgid) 
@@ -1055,6 +1049,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req } bs = OCSP_BASICRESP_new(); + if (bs == NULL) { + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs); + goto end; + } thisupd = X509_gmtime_adj(NULL, 0); if (ndays != -1) nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL); diff --git a/apps/passwd.c b/apps/passwd.c index 379928563c..9b8b6f2f0e 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -589,7 +589,8 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); if (rounds_custom) { char tmp_buf[80]; /* "rounds=999999999" */ - sprintf(tmp_buf, "rounds=%u", rounds); + + BIO_snprintf(tmp_buf, sizeof(tmp_buf), "rounds=%u", rounds); #ifdef CHARSET_EBCDIC /* In case we're really on a ASCII based platform and just pretend */ if (tmp_buf[0] != 0x72) /* ASCII 'r' */ diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 117b673643..c6a00068d2 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -320,7 +320,8 @@ int pkcs12_main(int argc, char **argv) if (canames == NULL && (canames = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(canames, opt_arg()); + if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0) + goto end; break; case OPT_IN: infile = opt_arg(); @@ -732,9 +733,6 @@ int pkcs12_main(int argc, char **argv) in = bio_open_default(infile, 'r', FORMAT_PKCS12); if (in == NULL) goto end; - out = bio_open_owner(outfile, FORMAT_PEM, private); - if (out == NULL) - goto end; p12 = PKCS12_init_ex(NID_pkcs7_data, app_get0_libctx(), app_get0_propq()); if (p12 == NULL) { 
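Review bot: The new NULL check passes `bs`, which the condition has just established is NULL, as the basic response; `*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL);` says the same thing without making the reader re-derive it. The `goto end` now also runs before thisupd and nextupd are assigned on the following lines, so confirm they are initialised to NULL at their declarations (outside this hunk) and that the cleanup at end: tolerates that. make_ocsp_response starts and ends outside the hunk.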
@@ -834,6 +832,11 @@ int pkcs12_main(int argc, char **argv) dump: assert(private); + + out = bio_open_owner(outfile, FORMAT_PEM, private); + if (out == NULL) + goto end; + if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) { BIO_printf(bio_err, "Error outputting keys and certificates\n"); ERR_print_errors(bio_err); @@ -901,7 +904,11 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass, } else if (bagnid == NID_pkcs7_encrypted) { if (options & INFO) { BIO_printf(bio_err, "PKCS7 Encrypted data: "); - alg_print(p7->d.encrypted->enc_data->algorithm); + if (p7->d.encrypted == NULL) { + BIO_printf(bio_err, "\n"); + } else { + alg_print(p7->d.encrypted->enc_data->algorithm); + } } bags = PKCS12_unpack_p7encdata(p7, pass, passlen); } else { diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index b5390c64c2..2a11014a9d 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -81,10 +81,11 @@ const OPTIONS pkeyutl_options[] = { OPT_SECTION("Output"), {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"}, + {"asn1parse", OPT_ASN1PARSE, '-', + "parse the output as ASN.1 data to check its DER encoding and print errors"}, {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, {"verifyrecover", OPT_VERIFYRECOVER, '-', - "Verify with public key, recover original data"}, + "Verify RSA signature, recovering original signature input data"}, OPT_SECTION("Signing/Derivation"), {"digest", OPT_DIGEST, 's', diff --git a/apps/rehash.c b/apps/rehash.c index 26bdb64ae4..ad0f864fa3 100644 --- a/apps/rehash.c +++ b/apps/rehash.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2013-2014 Timo Teräs * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -559,6 +559,11 @@ int rehash_main(int argc, char **argv) } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) { char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' }; m = OPENSSL_strdup(env); + if (m == NULL) { + BIO_puts(bio_err, "out of memory\n"); + errs = 1; + goto end; + } for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc)) errs += do_dir(e, h); OPENSSL_free(m); diff --git a/apps/req.c b/apps/req.c index 00ef231e11..b54a489722 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -573,7 +573,7 @@ int req_main(int argc, char **argv) X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_nconf(&ctx, addext_conf); + X509V3_set_nconf(&ctx, req_conf); if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) { BIO_printf(bio_err, "Error checking extensions defined using -addext\n"); goto end; @@ -918,9 +918,10 @@ int req_main(int argc, char **argv) if (i < 0) goto end; - if (i == 0) + if (i == 0) { BIO_printf(bio_err, "Certificate request self-signature verify failure\n"); - else /* i > 0 */ + goto end; + } else /* i > 0 */ BIO_printf(bio_out, "Certificate request self-signature verify OK\n"); } diff --git a/apps/s_client.c b/apps/s_client.c index 78a44755cb..0dc5123491 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
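Review bot: The switch from addext_conf to req_conf in `X509V3_set_nconf(&ctx, req_conf);` deserves a comment, because the very next line still passes addext_conf to X509V3_EXT_add_nconf and a later reader will take the mismatch for a typo. Something like `/* Resolve section references in -addext values against the main config, not the synthetic -addext config */` is presumably the intent; confirm it against how addext_conf is built before wording it that way. req_main starts outside this hunk.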
@@ -2167,6 +2167,9 @@ int s_client_main(int argc, char **argv) if (tfo) BIO_printf(bio_c_out, "Connecting via TFO\n"); re_start: + /* peer_addr might be set from previous connections */ + BIO_ADDR_free(peer_addr); + peer_addr = NULL; if (init_client(&sock, host, port, bindhost, bindport, socket_family, socket_type, protocol, tfo, !isquic, &peer_addr) == 0) { BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); diff --git a/apps/s_server.c b/apps/s_server.c index 07086ef0f6..4a26c0178f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * diff --git a/apps/s_time.c b/apps/s_time.c index dd9f354be9..0d5bd12287 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/smime.c b/apps/smime.c index b59e14b0b5..02ae596b3b 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -118,7 +118,7 @@ const OPTIONS smime_options[] = { "Do not load certificates from the default certificates store"}, {"nochain", OPT_NOCHAIN, '-', "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" }, - {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"}, + {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only"}, OPT_R_OPTIONS, OPT_V_OPTIONS, @@ -312,13 +312,15 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (keyfile == NULL) keyfile = signerfile; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; keyfile = NULL; } signerfile = opt_arg(); @@ -343,12 +345,14 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; signerfile = NULL; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } keyfile = opt_arg(); break; 
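Review bot: The "allocate the stack on first use, push, goto end on failure" sequence is now written out four times in smime_main (twice in this hunk, once in the previous one, and again in the hunk that follows), each a four-line block that differs only in the stack and string. A small static helper reduces every site to one call and keeps the failure handling in one place; the keyfile defaulting between the two pushes stays at the call sites. smime_main begins and ends outside these hunks.
```c
/* Append s to *sk, creating the stack on first use; returns 0 on failure. */
static int push_string(STACK_OF(OPENSSL_STRING) **sk, const char *s)
{
    if (*sk == NULL && (*sk = sk_OPENSSL_STRING_new_null()) == NULL)
        return 0;
    return sk_OPENSSL_STRING_push(*sk, s) > 0;
}

/* … at each call site in smime_main, e.g. the -signer case: … */
            if (!push_string(&sksigners, signerfile))
                goto end;
            if (keyfile == NULL)
                keyfile = signerfile;
            if (!push_string(&skkeys, keyfile))
                goto end;
```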
@@ -421,12 +425,14 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; if (!keyfile) keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } if (sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); diff --git a/apps/speed.c b/apps/speed.c index b978323f56..c951c33cf7 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -47,12 +47,6 @@ # include #endif -#if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -#endif - #if defined(_WIN32) # include /* @@ -514,6 +508,14 @@ static double sigs_results[MAX_SIG_NUM][3]; /* keygen, sign, verify */ #define COND(unused_cond) (run && count < INT_MAX) #define COUNT(d) (count) +#define TAG_LEN 16 + +static unsigned int mode_op; /* AE Mode of operation */ +static unsigned int aead = 0; /* AEAD flag */ +static unsigned char aead_iv[12]; /* For AEAD modes */ +static unsigned char aad[EVP_AEAD_TLS1_AAD_LEN] = { 0xcc }; +static int aead_ivlen = sizeof(aead_iv); + typedef struct loopargs_st { ASYNC_JOB *inprogress_job; ASYNC_WAIT_CTX *wait_ctx; @@ -522,6 +524,7 @@ typedef struct loopargs_st { unsigned char *buf_malloc; unsigned char *buf2_malloc; unsigned char *key; + unsigned char tag[TAG_LEN]; size_t buflen; size_t sigsize; size_t encsize; 
@@ -875,44 +878,71 @@ static int EVP_Update_loop(void *args) } /* + * To make AEAD benchmarking more relevant perform TLS-like operations, + * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as + * payload length is not actually limited by 16KB... * CCM does not support streaming. For the purpose of performance measurement, * each message is encrypted using the same (key,iv)-pair. Do not use this * code in your application. */ -static int EVP_Update_loop_ccm(void *args) +static int EVP_Update_loop_aead_enc(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; + unsigned char *key = tempargs->key; EVP_CIPHER_CTX *ctx = tempargs->ctx; - int outl, count, realcount = 0, final; - unsigned char tag[12]; + int outl, count, realcount = 0; - if (decrypt) { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), - tag) > 0 - /* reset iv */ - && EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0 - /* counter is reset on every update */ - && EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0) - realcount++; + for (count = 0; COND(c[D_EVP][testnum]); count++) { + /* Set length of iv (Doesn't apply to SIV mode) */ + if (mode_op != EVP_CIPH_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + aead_ivlen, NULL)) { + BIO_printf(bio_err, "\nFailed to set iv length\n"); + ERR_print_errors(bio_err); + exit(1); + } } - } else { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - /* restore iv length field */ - if (EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]) > 0 - /* counter is reset on every update */ - && EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0) - realcount++; + /* Set tag_len (Not for GCM/SIV at encryption stage) */ + if (mode_op != EVP_CIPH_GCM_MODE + && mode_op != EVP_CIPH_SIV_MODE + && mode_op != EVP_CIPH_GCM_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + TAG_LEN, 
NULL)) { + BIO_printf(bio_err, "\nFailed to set tag length\n"); + ERR_print_errors(bio_err); + exit(1); + } } + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) { + BIO_printf(bio_err, "\nFailed to set key and iv\n"); + ERR_print_errors(bio_err); + exit(1); + } + /* Set total length of input. Only required for CCM */ + if (mode_op == EVP_CIPH_CCM_MODE) { + if (!EVP_EncryptUpdate(ctx, NULL, &outl, + NULL, lengths[testnum])) { + BIO_printf(bio_err, "\nCouldn't set input text length\n"); + ERR_print_errors(bio_err); + exit(1); + } + } + if (aead) { + if (!EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) { + BIO_printf(bio_err, "\nCouldn't insert AAD when encrypting\n"); + ERR_print_errors(bio_err); + exit(1); + } + } + if (!EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum])) { + BIO_printf(bio_err, "\nFailed to encrypt the data\n"); + ERR_print_errors(bio_err); + exit(1); + } + if (EVP_EncryptFinal_ex(ctx, buf, &outl)) + realcount++; } - if (decrypt) - final = EVP_DecryptFinal_ex(ctx, buf, &outl); - else - final = EVP_EncryptFinal_ex(ctx, buf, &outl); - - if (final == 0) - BIO_printf(bio_err, "Error finalizing ccm loop\n"); return realcount; } 
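Review bot: The per-message preamble — SET_IVLEN unless SIV, SET_TAG length unless GCM/SIV/GCM-SIV, then `EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)`, each with its own BIO_printf/ERR_print_errors/exit(1) — is written out three times: here, in EVP_Update_loop_aead_dec in the next hunk, and again in speed_main's D_EVP block where the tag is generated before decryption. One static helper keeps the mode rules in a single place. Re-keying on every iteration, where the removed loop only reset the IV, is presumably required because the tag length has to precede the key for CCM; a comment saying so would stop the next reader from optimising it away.
```c
/*
 * Per-message AEAD context setup shared by the encrypt and decrypt loops:
 * iv length and tag length (where the mode needs them before the key), then
 * key and iv.  Returns 1 on success, 0 with a message on bio_err otherwise.
 */
static int aead_init_ctx(EVP_CIPHER_CTX *ctx, const unsigned char *key)
{
    if (mode_op != EVP_CIPH_SIV_MODE
        && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, aead_ivlen, NULL)) {
        BIO_printf(bio_err, "\nFailed to set iv length\n");
        return 0;
    }
    if (mode_op != EVP_CIPH_GCM_MODE
        && mode_op != EVP_CIPH_SIV_MODE
        && mode_op != EVP_CIPH_GCM_SIV_MODE
        && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, TAG_LEN, NULL)) {
        BIO_printf(bio_err, "\nFailed to set tag length\n");
        return 0;
    }
    if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
        BIO_printf(bio_err, "\nFailed to set key and iv\n");
        return 0;
    }
    return 1;
}

/* … in EVP_Update_loop_aead_enc, the loop body then starts with: … */
        if (!aead_init_ctx(ctx, key)) {
            ERR_print_errors(bio_err);
            exit(1);
        }
        /* … unchanged: CCM length, AAD, EncryptUpdate, EncryptFinal_ex … */
```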
@@ -920,34 +950,87 @@ static int EVP_Update_loop_ccm(void *args) * To make AEAD benchmarking more relevant perform TLS-like operations, * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as * payload length is not actually limited by 16KB... + * CCM does not support streaming. For the purpose of performance measurement, + * each message is decrypted using the same (key,iv)-pair. Do not use this + * code in your application. + * For decryption, we will use buf2 to preserve the input text in buf. */ -static int EVP_Update_loop_aead(void *args) +static int EVP_Update_loop_aead_dec(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; + unsigned char *outbuf = tempargs->buf2; + unsigned char *key = tempargs->key; + unsigned char tag[TAG_LEN]; EVP_CIPHER_CTX *ctx = tempargs->ctx; int outl, count, realcount = 0; - unsigned char aad[13] = { 0xcc }; - unsigned char faketag[16] = { 0xcc }; - if (decrypt) { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0 - && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - sizeof(faketag), faketag) > 0 - && EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)) > 0 - && EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0 - && EVP_DecryptFinal_ex(ctx, buf + outl, &outl) >0) - realcount++; + for (count = 0; COND(c[D_EVP][testnum]); count++) { + /* Set the length of iv (Doesn't apply to SIV mode) */ + if (mode_op != EVP_CIPH_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + aead_ivlen, NULL)) { + BIO_printf(bio_err, "\nFailed to set iv length\n"); + ERR_print_errors(bio_err); + exit(1); + } } - } else { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0 - && EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)) > 0 - && EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0 - && EVP_EncryptFinal_ex(ctx, buf + outl, &outl) > 0) - 
realcount++; + + /* Set the tag length (Doesn't apply to SIV mode) */ + if (mode_op != EVP_CIPH_SIV_MODE + && mode_op != EVP_CIPH_GCM_MODE + && mode_op != EVP_CIPH_GCM_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + TAG_LEN, NULL)) { + BIO_printf(bio_err, "\nFailed to set tag length\n"); + ERR_print_errors(bio_err); + exit(1); + } } + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) { + BIO_printf(bio_err, "\nFailed to set key and iv\n"); + ERR_print_errors(bio_err); + exit(1); + } + /* Set iv before decryption (Doesn't apply to SIV mode) */ + if (mode_op != EVP_CIPH_SIV_MODE) { + if (!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, aead_iv)) { + BIO_printf(bio_err, "\nFailed to set iv\n"); + ERR_print_errors(bio_err); + exit(1); + } + } + memcpy(tag, tempargs->tag, TAG_LEN); + + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + TAG_LEN, tag)) { + BIO_printf(bio_err, "\nFailed to set tag\n"); + ERR_print_errors(bio_err); + exit(1); + } + /* Set the total length of cipher text. Only required for CCM */ + if (mode_op == EVP_CIPH_CCM_MODE) { + if (!EVP_DecryptUpdate(ctx, NULL, &outl, + NULL, lengths[testnum])) { + BIO_printf(bio_err, "\nCouldn't set cipher text length\n"); + ERR_print_errors(bio_err); + exit(1); + } + } + if (aead) { + if (!EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) { + BIO_printf(bio_err, "\nCouldn't insert AAD when decrypting\n"); + ERR_print_errors(bio_err); + exit(1); + } + } + if (!EVP_DecryptUpdate(ctx, outbuf, &outl, buf, lengths[testnum])) { + BIO_printf(bio_err, "\nFailed to decrypt the data\n"); + ERR_print_errors(bio_err); + exit(1); + } + if (EVP_DecryptFinal_ex(ctx, outbuf, &outl)) + realcount++; } return realcount; } 
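Review bot: `EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, aead_iv)` immediately follows `EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)`, which already supplied the same IV, so the second call looks redundant; if some provider really needs the IV re-applied after the key, the comment above it should say which and why, otherwise drop it. `memcpy(tag, tempargs->tag, TAG_LEN)` on every iteration is fine but also worth a word, since a reader will wonder why tempargs->tag is not passed to SET_TAG directly (presumably so the context cannot modify the saved tag — confirm). The loop body and this function are entirely within the hunk.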
@@ -1410,6 +1493,24 @@ static int SIG_verify_loop(void *args) return count; } +static int check_block_size(EVP_CIPHER_CTX *ctx, int length) +{ + const EVP_CIPHER *ciph = EVP_CIPHER_CTX_get0_cipher(ctx); + int blocksize = EVP_CIPHER_CTX_get_block_size(ctx); + + if (ciph == NULL || blocksize <= 0) { + BIO_printf(bio_err, "\nInvalid cipher!\n"); + return 0; + } + if (length % blocksize != 0) { + BIO_printf(bio_err, + "\nRequested encryption length not a multiple of block size for %s!\n", + EVP_CIPHER_get0_name(ciph)); + return 0; + } + return 1; +} + static int run_benchmark(int async_jobs, int (*loop_function) (void *), loopargs_t *loopargs) { @@ -1750,14 +1851,14 @@ int speed_main(int argc, char **argv) OPTION_CHOICE o; int async_init = 0, multiblock = 0, pr_header = 0; uint8_t doit[ALGOR_NUM] = { 0 }; - int ret = 1, misalign = 0, lengths_single = 0, aead = 0; + int ret = 1, misalign = 0, lengths_single = 0; STACK_OF(EVP_KEM) *kem_stack = NULL; STACK_OF(EVP_SIGNATURE) *sig_stack = NULL; long count = 0; unsigned int size_num = SIZE_NUM; unsigned int i, k, loopargs_len = 0, async_jobs = 0; unsigned int idx; - int keylen; + int keylen = 0; int buflen; size_t declen; BIGNUM *bn = NULL; @@ -2575,13 +2676,13 @@ int speed_main(int argc, char **argv) if (doit[D_HMAC]) { static const char hmac_key[] = "This is a key..."; int len = strlen(hmac_key); + size_t hmac_name_len = sizeof("hmac()") + strlen(evp_mac_mdname); OSSL_PARAM params[3]; if (evp_mac_mdname == NULL) goto end; - evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname), - "HMAC name"); - sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname); + evp_hmac_name = app_malloc(hmac_name_len, "HMAC name"); + BIO_snprintf(evp_hmac_name, hmac_name_len, "hmac(%s)", evp_mac_mdname); names[D_HMAC] = evp_hmac_name; params[0] = 
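Review bot: check_block_size has no header comment; a one-liner such as `/* Return 1 if length is a multiple of ctx's block size, otherwise report on bio_err and return 0. */` states the contract callers rely on. The message hard-codes "encryption length" although the check is purely about the length, independent of direction — "Requested length" would stay accurate for every caller.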
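Review bot: `size_t hmac_name_len = sizeof("hmac()") + strlen(evp_mac_mdname);` is evaluated before the `if (evp_mac_mdname == NULL) goto end;` two lines below, so if that guard can ever be true the new code dereferences NULL before reaching it, whereas the removed code only called strlen after the check. Declare `size_t hmac_name_len;` with the other locals and assign it just before the app_malloc call; if evp_mac_mdname is guaranteed non-NULL by this point, the guard is dead and should go instead. The CMAC hunk later in this file computes `len` from evp_mac_ciphername the same way at the top of its block, so the same question applies there. speed_main starts outside this hunk.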
@@ -2616,6 +2717,8 @@ int speed_main(int argc, char **argv) } algindex = D_CBC_DES; for (testnum = 0; st && testnum < size_num; testnum++) { + if (!check_block_size(loopargs[0].ctx, lengths[testnum])) + break; print_message(names[D_CBC_DES], lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); @@ -2636,6 +2739,8 @@ int speed_main(int argc, char **argv) } algindex = D_EDE3_DES; for (testnum = 0; st && testnum < size_num; testnum++) { + if (!check_block_size(loopargs[0].ctx, lengths[testnum])) + break; print_message(names[D_EDE3_DES], lengths[testnum], seconds.sym); Time_F(START); count = @@ -2660,6 +2765,8 @@ int speed_main(int argc, char **argv) } for (testnum = 0; st && testnum < size_num; testnum++) { + if (!check_block_size(loopargs[0].ctx, lengths[testnum])) + break; print_message(names[algindex], lengths[testnum], seconds.sym); Time_F(START); count = @@ -2685,6 +2792,8 @@ int speed_main(int argc, char **argv) } for (testnum = 0; st && testnum < size_num; testnum++) { + if (!check_block_size(loopargs[0].ctx, lengths[testnum])) + break; print_message(names[algindex], lengths[testnum], seconds.sym); Time_F(START); count = @@ -2709,6 +2818,8 @@ int speed_main(int argc, char **argv) } for (testnum = 0; st && testnum < size_num; testnum++) { + if (!check_block_size(loopargs[0].ctx, lengths[testnum])) + break; print_message(names[algindex], lengths[testnum], seconds.sym); Time_F(START); count = 
@@ -2762,12 +2873,20 @@ int speed_main(int argc, char **argv) } } + /*- + * There are three scenarios for D_EVP: + * 1- Using authenticated encryption (AE) e.g. CCM, GCM, OCB etc. + * 2- Using AE + associated data (AD) i.e. AEAD using CCM, GCM, OCB etc. + * 3- Not using AE or AD e.g. ECB, CBC, CFB etc. + */ if (doit[D_EVP]) { if (evp_cipher != NULL) { - int (*loopfunc) (void *) = EVP_Update_loop; + int (*loopfunc) (void *); + int outlen = 0; + unsigned int ae_mode = 0; - if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) & - EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { + if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) + & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { multiblock_speed(evp_cipher, lengths_single, &seconds); ret = 0; goto end; @@ -2775,16 +2894,27 @@ int speed_main(int argc, char **argv) names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher); - if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) { - loopfunc = EVP_Update_loop_ccm; - } else if (aead && (EVP_CIPHER_get_flags(evp_cipher) & - EVP_CIPH_FLAG_AEAD_CIPHER)) { - loopfunc = EVP_Update_loop_aead; + mode_op = EVP_CIPHER_get_mode(evp_cipher); + + if (aead) { if (lengths == lengths_list) { lengths = aead_lengths_list; size_num = OSSL_NELEM(aead_lengths_list); } } + if (mode_op == EVP_CIPH_GCM_MODE + || mode_op == EVP_CIPH_CCM_MODE + || mode_op == EVP_CIPH_OCB_MODE + || mode_op == EVP_CIPH_SIV_MODE + || mode_op == EVP_CIPH_GCM_SIV_MODE) { + ae_mode = 1; + if (decrypt) + loopfunc = EVP_Update_loop_aead_dec; + else + loopfunc = EVP_Update_loop_aead_enc; + } else { + loopfunc = EVP_Update_loop; + } for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_EVP], lengths[testnum], seconds.sym); 
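Review bot: The removed code chose the AEAD loop on `EVP_CIPH_FLAG_AEAD_CIPHER`; the new code chooses it on a fixed list of five modes, and ChaCha20-Poly1305 reports a stream-cipher mode rather than any of them, so `-evp chacha20-poly1305 -aead` now falls through to EVP_Update_loop and the AAD is silently not fed. If that is not intended, extend the condition with `|| (EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0` and check that the SET_IVLEN/SET_TAG steps in the new enc/dec loops are acceptable for that cipher. When `aead` is set but the cipher is not an AE mode the flag is ignored without a message, which is presumably fine but worth a comment in the three-scenario block above. speed_main starts outside this hunk.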
@@ -2795,38 +2925,147 @@ int speed_main(int argc, char **argv) BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n"); exit(1); } - if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, - NULL, iv, decrypt ? 0 : 1)) { - BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); + + /* + * For AE modes, we must first encrypt the data to get + * a valid tag that enables us to decrypt. If we don't + * encrypt first, we won't have a valid tag that enables + * authenticity and hence decryption will fail. + */ + if (!EVP_CipherInit_ex(loopargs[k].ctx, + evp_cipher, NULL, NULL, NULL, + ae_mode ? 1 : !decrypt)) { + BIO_printf(bio_err, "\nCouldn't init the context\n"); ERR_print_errors(bio_err); exit(1); } + /* Padding isn't needed */ EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx); loopargs[k].key = app_malloc(keylen, "evp_cipher key"); EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key); - if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, - loopargs[k].key, NULL, -1)) { - BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); - ERR_print_errors(bio_err); - exit(1); - } - OPENSSL_clear_free(loopargs[k].key, keylen); - /* GCM-SIV/SIV mode only allows for a single Update operation */ - if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE - || EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_GCM_SIV_MODE) - (void)EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, - EVP_CTRL_SET_SPEED, 1, NULL); + if (!ae_mode) { + if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, + loopargs[k].key, iv, -1)) { + BIO_printf(bio_err, "\nFailed to set the key\n"); + ERR_print_errors(bio_err); + exit(1); + } + } else if (mode_op == EVP_CIPH_SIV_MODE + || mode_op == EVP_CIPH_GCM_SIV_MODE) { + EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, + EVP_CTRL_SET_SPEED, 1, NULL); + } + if (ae_mode && decrypt) { + /* Set length of iv (Doesn't apply to SIV mode) */ + if (mode_op != EVP_CIPH_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, + EVP_CTRL_AEAD_SET_IVLEN, 
+ aead_ivlen, NULL)) { + BIO_printf(bio_err, "\nFailed to set iv length\n"); + ERR_print_errors(bio_err); + exit(1); + } + } + /* Set tag_len (Not for GCM/SIV at encryption stage) */ + if (mode_op != EVP_CIPH_GCM_MODE + && mode_op != EVP_CIPH_SIV_MODE + && mode_op != EVP_CIPH_GCM_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, + EVP_CTRL_AEAD_SET_TAG, + TAG_LEN, NULL)) { + BIO_printf(bio_err, + "\nFailed to set tag length\n"); + ERR_print_errors(bio_err); + exit(1); + } + } + if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, + loopargs[k].key, aead_iv, -1)) { + BIO_printf(bio_err, "\nFailed to set the key\n"); + ERR_print_errors(bio_err); + exit(1); + } + /* Set total length of input. Only required for CCM */ + if (mode_op == EVP_CIPH_CCM_MODE) { + if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL, + &outlen, NULL, + lengths[testnum])) { + BIO_printf(bio_err, + "\nCouldn't set input text length\n"); + ERR_print_errors(bio_err); + exit(1); + } + } + if (aead) { + if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL, + &outlen, aad, sizeof(aad))) { + BIO_printf(bio_err, + "\nCouldn't insert AAD when encrypting\n"); + ERR_print_errors(bio_err); + exit(1); + } + } + if (!EVP_EncryptUpdate(loopargs[k].ctx, loopargs[k].buf, + &outlen, loopargs[k].buf, + lengths[testnum])) { + BIO_printf(bio_err, + "\nFailed to to encrypt the data\n"); + ERR_print_errors(bio_err); + exit(1); + } + + if (!EVP_EncryptFinal_ex(loopargs[k].ctx, + loopargs[k].buf, &outlen)) { + BIO_printf(bio_err, + "\nFailed finalize the encryption\n"); + ERR_print_errors(bio_err); + exit(1); + } + + if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, + EVP_CTRL_AEAD_GET_TAG, + TAG_LEN, &loopargs[k].tag)) { + BIO_printf(bio_err, "\nFailed to get the tag\n"); + ERR_print_errors(bio_err); + exit(1); + } + + EVP_CIPHER_CTX_free(loopargs[k].ctx); + loopargs[k].ctx = EVP_CIPHER_CTX_new(); + if (loopargs[k].ctx == NULL) { + BIO_printf(bio_err, + "\nEVP_CIPHER_CTX_new failure\n"); + exit(1); + } + if 
(!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, + NULL, NULL, NULL, 0)) { + BIO_printf(bio_err, + "\nFailed initializing the context\n"); + ERR_print_errors(bio_err); + exit(1); + } + + EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); + + /* GCM-SIV/SIV only allows for one Update operation */ + if (mode_op == EVP_CIPH_SIV_MODE + || mode_op == EVP_CIPH_GCM_SIV_MODE) + EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, + EVP_CTRL_SET_SPEED, 1, NULL); + } } Time_F(START); count = run_benchmark(async_jobs, loopfunc, loopargs); d = Time_F(STOP); - for (k = 0; k < loopargs_len; k++) + for (k = 0; k < loopargs_len; k++) { + OPENSSL_clear_free(loopargs[k].key, keylen); EVP_CIPHER_CTX_free(loopargs[k].ctx); + } print_result(D_EVP, testnum, count, d); } } else if (evp_md_name != NULL) { @@ -2845,6 +3084,7 @@ int speed_main(int argc, char **argv) } if (doit[D_EVP_CMAC]) { + size_t len = sizeof("cmac()") + strlen(evp_mac_ciphername); OSSL_PARAM params[3]; EVP_CIPHER *cipher = NULL; @@ -2857,9 +3097,8 @@ int speed_main(int argc, char **argv) BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n"); goto end; } - evp_cmac_name = app_malloc(sizeof("cmac()") - + strlen(evp_mac_ciphername), "CMAC name"); - sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername); + evp_cmac_name = app_malloc(len, "CMAC name"); + BIO_snprintf(evp_cmac_name, len, "cmac(%s)", evp_mac_ciphername); names[D_EVP_CMAC] = evp_cmac_name; params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER, @@ -3033,7 +3272,7 @@ int speed_main(int argc, char **argv) ERR_print_errors(bio_err); op_count = 1; } else { - pkey_print_message("private", "rsa encrypt", + pkey_print_message("public", "rsa encrypt", rsa_keys[testnum].bits, seconds.rsa); /* RSA_blinding_on(rsa_key[testnum],NULL); */ Time_F(START); 
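Review bot: Two of the new diagnostics have typos: `"\nFailed to to encrypt the data\n"` should read `"\nFailed to encrypt the data\n"` and `"\nFailed finalize the encryption\n"` should read `"\nFailed to finalize the encryption\n"`. `EVP_CTRL_AEAD_GET_TAG, TAG_LEN, &loopargs[k].tag` passes a pointer to the array, which only compiles because the parameter is `void *`; `loopargs[k].tag` is the conventional spelling and what the dec loop's SET_TAG does with its own buffer. The EVP_CTRL_SET_SPEED ctrl also lost the `(void)` cast the removed code carried to mark its result as deliberately ignored, in both places it now appears. speed_main starts outside this hunk.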
@@ -3101,7 +3340,6 @@ int speed_main(int argc, char **argv) loopargs[i].sigsize = loopargs[i].buflen; if (loopargs[i].dsa_sign_ctx[testnum] == NULL || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0 - || EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum], loopargs[i].buf2, &loopargs[i].sigsize, @@ -3178,7 +3416,6 @@ int speed_main(int argc, char **argv) loopargs[i].sigsize = loopargs[i].buflen; if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0 - || EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum], loopargs[i].buf2, &loopargs[i].sigsize, @@ -4794,7 +5031,6 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, print_message(alg_name, mblengths[j], seconds->sym); Time_F(START); for (count = 0; run && count < INT_MAX; count++) { - unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; int packlen; diff --git a/apps/ts.c b/apps/ts.c index 65e941d263..64cb765bfa 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -538,15 +538,18 @@ static int create_digest(BIO *input, const char *digest, const EVP_MD *md, *md_value = OPENSSL_hexstr2buf(digest, &digest_len); if (*md_value == NULL || md_value_len != digest_len) { - OPENSSL_free(*md_value); - *md_value = NULL; BIO_printf(bio_err, "bad digest, %d bytes " "must be specified\n", md_value_len); - return 0; + goto err; } } rv = md_value_len; err: + if (rv <= 0) { + OPENSSL_free(*md_value); + *md_value = NULL; + rv = 0; + } EVP_MD_CTX_free(md_ctx); return rv; } 
@@ -1015,7 +1018,7 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, BIO_printf(bio_err, "memory allocation failure\n"); goto err; } - if (X509_LOOKUP_load_store_ex(lookup, CAstore, libctx, propq) <= 0) { + if (X509_LOOKUP_add_store_ex(lookup, CAstore, libctx, propq) <= 0) { BIO_printf(bio_err, "Error loading store URI %s\n", CAstore); goto err; } diff --git a/apps/x509.c b/apps/x509.c index f77f47709a..d96e7819b2 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/build.info b/build.info index 790f2421e5..930a0a940c 100644 --- a/build.info +++ b/build.info @@ -102,6 +102,11 @@ IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}] ENDIF # This file sets the build directory up for CMake inclusion +# Note: This generation of OpenSSLConfig[Version].cmake is used +# for building openssl locally, and so the build variables are +# taken from builddata.pm rather than installdata.pm. For exportable +# versions of these generated files, you'll find them in the exporters +# directory GENERATE[OpenSSLConfig.cmake]=exporters/cmake/OpenSSLConfig.cmake.in DEPEND[OpenSSLConfig.cmake]=builddata.pm GENERATE[OpenSSLConfigVersion.cmake]=exporters/cmake/OpenSSLConfigVersion.cmake.in @@ -119,7 +124,8 @@ DEPEND[openssl.pc]=builddata.pm DEPEND[openssl.pc]=libcrypto.pc libssl.pc GENERATE[builddata.pm]=util/mkinstallvars.pl \ - PREFIX=. BINDIR=apps LIBDIR= INCLUDEDIR=include APPLINKDIR=ms \ + PREFIX=. BINDIR=apps APPLINKDIR=ms \ + LIBDIR= INCLUDEDIR=include "INCLUDEDIR=$(SRCDIR)/include" \ ENGINESDIR=engines MODULESDIR=providers \ "VERSION=$(VERSION)" "LDLIBS=$(LIB_EX_LIBS)" 
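Review bot: Replacing X509_LOOKUP_load_store_ex with X509_LOOKUP_add_store_ex changes when the store URI is opened: add_store registers the URI with the lookup, so a bad or unreachable store may only fail later when the store is queried during verification, and the adjacent "Error loading store URI" message may no longer fire for it. If that is the intent, a one-line comment at the call would help, e.g. `/* the store is opened lazily on first lookup, not here */`.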
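Review bot: The GENERATE line for builddata.pm now passes INCLUDEDIR twice (`INCLUDEDIR=include` and `"INCLUDEDIR=$(SRCDIR)/include"`); whether util/mkinstallvars.pl accumulates repeated keys into a list or keeps only the last value is not visible here, and the build-tree OpenSSLConfig.cmake depends on the answer. A comment such as `# INCLUDEDIR is given twice on purpose: build-tree and source-tree include dirs` would record the intent and make a last-wins regression in the script obvious.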
diff --git a/configdata.pm.in b/configdata.pm.in index 68439ae93c..fea6004d6c 100644 --- a/configdata.pm.in +++ b/configdata.pm.in @@ -145,7 +145,7 @@ _____ # defined in one template stick around for the # next, making them combinable PACKAGE => 'OpenSSL::safe') - or die $Text::Template::ERROR; + or die $OpenSSL::Template::ERROR; close BUILDFILE; rename("$buildfile.new", $buildfile) or die "Trying to rename $buildfile.new to $buildfile: $!"; @@ -167,7 +167,7 @@ _____ # defined in one template stick around for the # next, making them combinable PACKAGE => 'OpenSSL::safe') - or die $Text::Template::ERROR; + or die $OpenSSL::Template::ERROR; close CONFIGURATION_H; # When using stat() on Windows, we can get it to perform better by diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index 642d779b99..16fbc9b48d 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2493,7 +2493,7 @@ ${prefix}_ctr32_encrypt_blocks_unroll12_eor3: ldp d8,d9,[sp, #16] ldp d10,d11,[sp, #32] ldp d12,d13,[sp, #48] - ldp d15,d16,[sp, #64] + ldp d14,d15,[sp, #64] ldr x29,[sp],#80 ret .size ${prefix}_ctr32_encrypt_blocks_unroll12_eor3,.-${prefix}_ctr32_encrypt_blocks_unroll12_eor3 diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl index b3c97e439f..2e22cb9dd9 100644 --- a/crypto/aes/asm/bsaes-armv8.pl +++ b/crypto/aes/asm/bsaes-armv8.pl 
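Review bot: The epilogue now restores d14/d15 from `[sp,#64]` instead of d15/d16, which matters because AAPCS64 requires the callee-saved low halves of d8–d15 to be preserved while d16 is caller-saved; the old sequence left d14 clobbered and reloaded a register nobody relied on. The matching prologue store for that slot is outside the hunk and should be confirmed to be `stp d14,d15,[sp,#64]`; a short comment above the restore sequence, `// restore callee-saved d8-d15 in the order they were saved`, would make the pairing checkable at a glance.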
@@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ sub data } __END__ -// Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -1018,6 +1018,7 @@ _bsaes_key_convert: // Initialisation vector overwritten with last quadword of ciphertext // No output registers, usual AAPCS64 register preservation ossl_bsaes_cbc_encrypt: + AARCH64_VALID_CALL_TARGET cmp x2, #128 bhs .Lcbc_do_bsaes b AES_cbc_encrypt @@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: // Output text filled in // No output registers, usual AAPCS64 register preservation ossl_bsaes_ctr32_encrypt_blocks: - + AARCH64_VALID_CALL_TARGET cmp x2, #8 // use plain AES for blo .Lctr_enc_short // small sizes @@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: // Output ciphertext filled in // No output registers, usual AAPCS64 register preservation ossl_bsaes_xts_encrypt: + AARCH64_VALID_CALL_TARGET // Stack layout: // sp -> // nrounds*128-96 bytes: key schedule @@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: // Output plaintext filled in // No output registers, usual AAPCS64 register preservation ossl_bsaes_xts_decrypt: + AARCH64_VALID_CALL_TARGET // Stack layout: // sp -> // nrounds*128-96 bytes: key schedule diff --git a/crypto/aes/asm/vpaes-loongarch64.pl b/crypto/aes/asm/vpaes-loongarch64.pl index c85ec40db2..00f3ed55bf 100644 --- a/crypto/aes/asm/vpaes-loongarch64.pl +++ b/crypto/aes/asm/vpaes-loongarch64.pl 
@@ -29,9 +29,9 @@ ($vr0,$vr1,$vr2,$vr3,$vr4,$vr5,$vr6,$vr7,$vr8,$vr9,$vr10,$vr11,$vr12,$vr13,$vr14,$vr15,$vr16,$vr17,$vr18,$vr19)=map("\$vr$_",(0..19)); ($fp)=map("\$r$_",(22)); -for (@ARGV) { $output=$_ if (/\w[\w\-]*\.\w+$/); } -open STDOUT,">$output"; -while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} +# $output is the last argument if it looks like a file (it has an extension) +my $output; +$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; open STDOUT,">$output"; $PREFIX="vpaes"; diff --git a/crypto/aes/build.info b/crypto/aes/build.info index 2dc16a2b2e..9d400a74b7 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -38,7 +38,7 @@ IF[{- !$disabled{asm} -}] $AESASM_parisc20_64=$AESASM_parisc11 $AESDEF_parisc20_64=$AESDEF_parisc11 - IF[{- $target{sys_id} ne "AIX" && $target{sys_id} ne "MACOSX" -}] + IF[{- $target{sys_id} ne "MACOSX" -}] $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s ELSE $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index da999b5f6d..7ac978fec0 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/armcap.c b/crypto/armcap.c index bbb9f454fc..781503eda5 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
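Review bot: `open STDOUT,">$output"` is unchecked, and when the new expression leaves `$output` undef the two-argument open is handed an empty filename, fails silently (with an undefined-value warning) and all later prints are lost. Use the three-argument form guarded on definedness, as sibling perlasm scripts do: `$output and open STDOUT, ">", $output or die "can't open $output: $!";`. The new `m|\.\w+$|` test is also looser than the removed `\w[\w\-]*\.\w+$` pattern, which is fine but worth a word in the comment above it.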
diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl index 04b342551c..9b933c70c4 100644 --- a/crypto/armv4cpuid.pl +++ b/crypto/armv4cpuid.pl @@ -293,6 +293,7 @@ atomic_add_spinlock: #endif .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P ___ print $code; diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index d394070632..a87cb15b44 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -36,25 +36,30 @@ int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) if (a->data[len - 1]) break; } - j = a->data[len - 1]; - if (j & 0x01) + + if (len == 0) { bits = 0; - else if (j & 0x02) - bits = 1; - else if (j & 0x04) - bits = 2; - else if (j & 0x08) - bits = 3; - else if (j & 0x10) - bits = 4; - else if (j & 0x20) - bits = 5; - else if (j & 0x40) - bits = 6; - else if (j & 0x80) - bits = 7; - else - bits = 0; /* should not happen */ + } else { + j = a->data[len - 1]; + if (j & 0x01) + bits = 0; + else if (j & 0x02) + bits = 1; + else if (j & 0x04) + bits = 2; + else if (j & 0x08) + bits = 3; + else if (j & 0x10) + bits = 4; + else if (j & 0x20) + bits = 5; + else if (j & 0x40) + bits = 6; + else if (j & 0x80) + bits = 7; + else + bits = 0; /* should not happen */ + } } } else bits = 0; diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index 4af2276a8d..4999ac1f65 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -148,6 +148,9 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) goto err; } len += i; + if ((size_t)i < want) + continue; + } } /* else data already loaded */ diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 29ea60596e..f64e3520f8 100644 --- a/crypto/asn1/a_strex.c 
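Review bot: The new `len == 0` branch in ossl_i2c_ASN1_BIT_STRING avoids indexing `a->data[len - 1]` after the trailing-zero-stripping loop has consumed every byte, which was an out-of-bounds read for an all-zero bit string; the code does not say why the branch exists. Suggest `/* every data byte was zero: encode as an empty bit string with no unused bits */` above it. The loop that reduces `len` starts above the hunk.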
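Review bot: The added `continue` in asn1_d2i_read_bio re-enters the read loop after a short read, but whether `want` is recomputed from `len` at the top of the loop (outside the hunk) or still holds the full request decides whether the next read asks for the right amount; please confirm, and annotate the jump with `/* short read: loop to fetch the remainder before parsing */`. A zero-length read is presumably rejected by the `goto err` just above, otherwise this would spin.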
+++ b/crypto/asn1/a_strex.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ #include #include #include "internal/cryptlib.h" +#include "internal/sizes.h" #include "crypto/asn1.h" #include #include @@ -343,8 +344,10 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, if (lflags & ASN1_STRFLGS_SHOW_TYPE) { const char *tagname; + tagname = ASN1_tag2str(type); - outlen += strlen(tagname); + /* We can directly cast here as tagname will never be too large. */ + outlen += (int)strlen(tagname); if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; outlen++; @@ -370,7 +373,7 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, if (type == -1) { len = do_dump(lflags, io_ch, arg, str); - if (len < 0) + if (len < 0 || len > INT_MAX - outlen) return -1; outlen += len; return outlen; @@ -389,7 +392,7 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, } len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); - if (len < 0) + if (len < 0 || len > INT_MAX - 2 - outlen) return -1; outlen += len; if (quotes) diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 99ac2aed11..8f85971130 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
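Review bot: The new guards in do_print_ex use INT_MAX, and the only include added is `internal/sizes.h`; if that header does not itself pull in `<limits.h>` (not visible here) the file needs the explicit include. The quoted-path guard `len > INT_MAX - 2 - outlen` correctly reserves room for the two quote characters added below, but the tag-name path still adds `strlen(tagname)` plus one on the strength of the comment alone; for symmetry `if (outlen > INT_MAX - 1 - (int)strlen(tagname)) return -1;` before the addition costs nothing.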
@@ -39,10 +39,10 @@ unsigned long ASN1_STRING_get_default_mask(void) * This function sets the default to various "flavours" of configuration. * based on an ASCII string. Currently this is: * MASK:XXXX : a numerical mask value. - * nobmp : Don't use BMPStrings (just Printable, T61). - * pkix : PKIX recommendation in RFC2459. - * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). - * default: the default value, Printable, T61, BMP. + * default : use Printable, IA5, T61, BMP, and UTF8 string types + * nombstr : any string type except variable-sized BMPStrings or UTF8Strings + * pkix : PKIX recommendation in RFC2459 + * utf8only : this is the default, use UTF8Strings */ int ASN1_STRING_set_default_mask_asc(const char *p) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 25d306a3a6..9f8a5e2e5b 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -490,9 +490,9 @@ int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) { char *v; - int gmt = 0, l; + int l; struct tm stm; - const char upper_z = 0x5A, period = 0x2E; + const char period = 0x2E; /* ossl_asn1_time_to_tm will check the time type */ if (!ossl_asn1_time_to_tm(&stm, tm)) @@ -500,8 +500,6 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) l = tm->length; v = (char *)tm->data; - if (v[l - 1] == upper_z) - gmt = 1; if (tm->type == V_ASN1_GENERALIZEDTIME) { char *f = NULL; 
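Review bot: The rewritten comment is ambiguous: the `default` entry lists a set of string types while the `utf8only` entry says "this is the default", so a reader cannot tell which setting applies when nothing is configured. Suggest `* default : the "default" keyword, selecting Printable, IA5, T61, BMP and UTF8 string types` and `* utf8only : only use UTF8Strings (the library's built-in default)`. The `nombstr` spelling should match the keyword ASN1_STRING_set_default_mask_asc actually parses, whose body is outside the hunk.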
@@ -512,39 +510,36 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) * 'fraction point' in a GeneralizedTime string. */ if (tm->length > 15 && v[14] == period) { - f = &v[14]; - f_len = 1; - while (14 + f_len < l && ossl_ascii_isdigit(f[f_len])) + /* exclude the . itself */ + f = &v[15]; + f_len = 0; + while (15 + f_len < l && ossl_ascii_isdigit(f[f_len])) ++f_len; } - if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { - return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%.*s%s", + if (f_len > 0) { + if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { + return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d.%.*sZ", + stm.tm_year + 1900, stm.tm_mon + 1, + stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, f_len, f) > 0; + } else { + return BIO_printf(bp, "%s %2d %02d:%02d:%02d.%.*s %d GMT", + _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, f_len, f, + stm.tm_year + 1900) > 0; + } + } + } + if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { + return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02dZ", stm.tm_year + 1900, stm.tm_mon + 1, stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, f_len, f, - (gmt ? "Z" : "")) > 0; - } - else { - return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", - _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900, - (gmt ? " GMT" : "")) > 0; - } + stm.tm_min, stm.tm_sec) > 0; } else { - if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { - return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%s", - stm.tm_year + 1900, stm.tm_mon + 1, - stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, - (gmt ? "Z" : "")) > 0; - } - else { - return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", + return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d GMT", _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, stm.tm_year + 1900, - (gmt ? 
" GMT" : "")) > 0; - } + stm.tm_min, stm.tm_sec, stm.tm_year + 1900) > 0; } } diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 94d29e7c27..f6cac80962 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -202,10 +202,12 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, inl = ASN1_item_i2d(data, &buf_in, it); if (inl <= 0) { ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); + ret = -1; goto err; } if (buf_in == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); + ret = -1; goto err; } inll = inl; diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index b2784ae338..f525842449 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 6f73449cf4..50b4db97aa 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -499,7 +499,8 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, static int asn1_str2tag(const char *tagstr, int len) { unsigned int i; - static const struct tag_name_st *tntmp, tnst[] = { + const struct tag_name_st *tntmp; + static const struct tag_name_st tnst[] = { ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), ASN1_GEN_STR("NULL", V_ASN1_NULL), diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 3a7386f163..b3778226f9 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -300,6 +300,8 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, if (ctype_nid == NID_pkcs7_enveloped) { msg_type = "enveloped-data"; + } else if (ctype_nid == NID_id_smime_ct_authEnvelopedData) { + msg_type = "authEnveloped-data"; } else if (ctype_nid == NID_pkcs7_signed) { if (econt_nid == NID_id_smime_ct_receipt) msg_type = "signed-receipt"; diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c index 93c6f61bd9..b930957655 100644 --- a/crypto/asn1/asn_mstbl.c +++ b/crypto/asn1/asn_mstbl.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index bde074ff8a..c4f9d61514 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index 13aa6a728e..f8068832ab 100644 
--- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -85,8 +85,12 @@ void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: - if (ossl_asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */ + if (ossl_asn1_do_lock(pval, -1, it) != 0) { + /* if error or ref-counter > 0 */ + OPENSSL_assert(embed == 0); + *pval = NULL; return; + } if (asn1_cb) { i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); if (i == 2) diff --git a/crypto/bio/bf_readbuff.c b/crypto/bio/bf_readbuff.c index 135ccef83b..2409c9db97 100644 --- a/crypto/bio/bf_readbuff.c +++ b/crypto/bio/bf_readbuff.c @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -222,10 +222,13 @@ static int readbuffer_gets(BIO *b, char *buf, int size) char *p; int i, j; - if (size == 0) + if (buf == NULL || size == 0) return 0; --size; /* the passed in size includes the terminator - so remove it here */ ctx = (BIO_F_BUFFER_CTX *)b->ptr; + + if (ctx == NULL || b->next_bio == NULL) + return 0; BIO_clear_retry_flags(b); /* If data is already buffered then use this first */ diff --git a/crypto/bio/bio_addr.c b/crypto/bio/bio_addr.c index 0a64d0749a..2ba60ea9f7 100644 --- a/crypto/bio/bio_addr.c +++ b/crypto/bio/bio_addr.c 
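Review bot: `ossl_asn1_do_lock` returning non-zero covers both a surviving reference count and an error (the comment says so), and the new code sets `*pval = NULL` in both cases; on the error path the object is then neither freed nor reachable through `pval`, so the failure turns into a leak. If the error return is distinguishable (negative), consider handling it separately, and in either case accompany the bare `OPENSSL_assert(embed == 0)` with a reason, e.g. `/* embedded values are never shared, so a surviving reference here is a caller bug */`.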
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -104,6 +104,7 @@ void BIO_ADDR_clear(BIO_ADDR *ap) */ int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa) { + memset(ap, 0, sizeof(BIO_ADDR)); if (sa->sa_family == AF_INET) { memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in)); return 1; @@ -571,8 +572,13 @@ int BIO_parse_hostserv(const char *hostserv, char **host, char **service, *service = NULL; } else { *service = OPENSSL_strndup(p, pl); - if (*service == NULL) + if (*service == NULL) { + if (h != NULL && host != NULL) { + OPENSSL_free(*host); + *host = NULL; + } return 0; + } } } @@ -799,14 +805,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) { /* Should this be raised inside do_bio_lookup_init()? */ ERR_raise(ERR_LIB_BIO, ERR_R_CRYPTO_LIB); - ret = 0; - goto err; + return 0; } - if (!CRYPTO_THREAD_write_lock(bio_lookup_lock)) { - ret = 0; - goto err; - } + if (!CRYPTO_THREAD_write_lock(bio_lookup_lock)) + return 0; + he_fallback_address = INADDR_ANY; if (host == NULL) { he = &he_fallback; diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 8bcf666e3c..85ab4afe18 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
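Review bot: The new `memset(ap, 0, sizeof(BIO_ADDR))` in BIO_ADDR_make runs before the family check, so on the failure path (unsupported `sa_family`) the caller's `ap` is now wiped instead of left untouched; callers that pass an already-populated address and inspect it after a 0 return will see different behaviour. If intended, document it in the function comment above the hunk (`/* on failure *ap is left zeroed */`); otherwise zero only on the success branches. The zeroing itself is welcome, since the padding bytes of the union were previously uninitialised and could surface through memcmp or copies.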
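Review bot: The two early `return 0` statements in BIO_lookup_ex replace `goto err`, which is only equivalent if nothing acquired between function entry and this point needs the cleanup at `err:`; the label and the function's start are outside the hunk, so a `/* nothing to release yet */` at the first return would document that. Moving `he_fallback_address = INADDR_ANY` under the write lock is correct, as it writes static state shared between callers.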
@@ -126,7 +126,7 @@ int BIO_free(BIO *a) if (CRYPTO_DOWN_REF(&a->references, &ret) <= 0) return 0; - REF_PRINT_COUNT("BIO", a); + REF_PRINT_COUNT("BIO", ret, a); if (ret > 0) return 1; REF_ASSERT_ISNT(ret < 0); @@ -191,7 +191,7 @@ int BIO_up_ref(BIO *a) if (CRYPTO_UP_REF(&a->references, &i) <= 0) return 0; - REF_PRINT_COUNT("BIO", a); + REF_PRINT_COUNT("BIO", i, a); REF_ASSERT_ISNT(i < 2); return i > 1; } @@ -965,8 +965,12 @@ static int bio_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds) return 1; #ifndef OPENSSL_NO_SOCK - if (BIO_get_fd(bio, &fd) > 0 && fd < FD_SETSIZE) - return BIO_socket_wait(fd, BIO_should_read(bio), max_time); + if (BIO_get_fd(bio, &fd) > 0) { + int ret = BIO_socket_wait(fd, BIO_should_read(bio), max_time); + + if (ret != -1) + return ret; + } #endif /* fall back to polling since no sockets are available */ diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c index 5102a54e99..f6fdcb9357 100644 --- a/crypto/bio/bio_meth.c +++ b/crypto/bio/bio_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/bio_sock.c b/crypto/bio/bio_sock.c index 7aa7bdc65e..358014f5d3 100644 --- a/crypto/bio/bio_sock.c +++ b/crypto/bio/bio_sock.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
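Review bot: bio_wait now falls through to the polling loop whenever BIO_socket_wait returns -1, which per the bio_sock.c hunk in this diff includes an out-of-range fd and presumably also a select() failure; the existing comment `/* fall back to polling since no sockets are available */` below is therefore no longer accurate. Suggest `/* no usable socket fd, or the socket wait failed: fall back to polling */`, and consider propagating the error if the select-failure case can be told apart from the invalid-fd case.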
@@ -26,9 +26,6 @@ static int wsa_init_done = 0; # if defined __TANDEM # include # include /* select */ -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif # elif defined _WIN32 # include /* for type fd_set */ # else @@ -260,7 +257,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) return INVALID_SOCKET; if (BIO_sock_init() != 1) - return INVALID_SOCKET; + goto err; if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0) goto err; @@ -435,7 +432,11 @@ int BIO_socket_wait(int fd, int for_read, time_t max_time) struct timeval tv; time_t now; +#ifdef _WIN32 + if ((SOCKET)fd == INVALID_SOCKET) +#else if (fd < 0 || fd >= FD_SETSIZE) +#endif return -1; if (max_time == 0) return 1; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index fb3c4d2ba3..9d00f18297 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -110,7 +110,7 @@ err: static int conn_state(BIO *b, BIO_CONNECT *c) { - int ret = -1, i; + int ret = -1, i, opts; BIO_info_cb *cb = NULL; if (c->info_callback != NULL) @@ -188,8 +188,12 @@ static int conn_state(BIO *b, BIO_CONNECT *c) case BIO_CONN_S_CONNECT: BIO_clear_retry_flags(b); ERR_set_mark(); - ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), - BIO_SOCK_KEEPALIVE | c->connect_mode); + + opts = c->connect_mode; + if (BIO_ADDRINFO_socktype(c->addr_iter) == SOCK_STREAM) + opts |= BIO_SOCK_KEEPALIVE; + + ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), opts); b->retry_reason = 0; if (ret == 0) { if (BIO_sock_should_retry(ret)) { diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index c049883bf0..ea2550859c 100644 --- a/crypto/bio/bss_dgram.c 
+++ b/crypto/bio/bss_dgram.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -66,6 +66,10 @@ #undef NO_RECVMSG #define NO_RECVMSG # endif +# if (defined(__ANDROID_API__) && __ANDROID_API__ < 21) || defined(_AIX) +# undef NO_RECVMMSG +# define NO_RECVMMSG +# endif # if !defined(M_METHOD) # if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG) # define M_METHOD M_METHOD_WSARECVMSG @@ -556,6 +560,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) socklen_t addr_len; BIO_ADDR addr; # endif + struct sockaddr_storage ss; + socklen_t ss_len = sizeof(ss); data = (bio_dgram_data *)b->ptr; @@ -573,6 +579,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown = (int)num; b->init = 1; dgram_update_local_addr(b); + if (getpeername(b->num, (struct sockaddr *)&ss, &ss_len) == 0) { + BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)&ss)); + data->connected = 1; + } # if defined(SUPPORT_LOCAL_ADDR) if (data->local_addr_enabled) { if (enable_local_addr(b, 1) < 1) 
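Review bot: The return value of BIO_ADDR_make is ignored in the new getpeername branch of dgram_ctrl, yet `data->connected = 1` is set regardless; for a peer family BIO_ADDR_make does not handle it returns 0 (see the bio_addr.c hunk in this diff), leaving `data->peer` zeroed while the BIO is marked connected. Suggest `if (getpeername(b->num, (struct sockaddr *)&ss, &ss_len) == 0 && BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)&ss))) data->connected = 1;` so the flag follows a successfully captured peer. The cast of a `sockaddr_storage` to `BIO_ADDR *` relies on BIO_ADDR being a union of sockaddr types no larger than the storage; true, but worth a comment.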
@@ -1063,19 +1073,27 @@ static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov, static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov, unsigned char *control, BIO_MSG *msg) { + bio_dgram_data *data; + iov->iov_base = msg->data; iov->iov_len = msg->data_len; - /* macOS requires msg_namelen be 0 if msg_name is NULL */ - mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL; - if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET) - mh->msg_namelen = sizeof(struct sockaddr_in); + data = (bio_dgram_data *)b->ptr; + if (data->connected == 0) { + /* macOS requires msg_namelen be 0 if msg_name is NULL */ + mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL; + if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET) + mh->msg_namelen = sizeof(struct sockaddr_in); # if OPENSSL_USE_IPV6 - else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6) - mh->msg_namelen = sizeof(struct sockaddr_in6); + else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6) + mh->msg_namelen = sizeof(struct sockaddr_in6); # endif - else + else + mh->msg_namelen = 0; + } else { + mh->msg_name = NULL; mh->msg_namelen = 0; + } mh->msg_iov = iov; mh->msg_iovlen = 1; @@ -1174,7 +1192,7 @@ static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) { cmsg->cmsg_type = IP_PKTINFO; info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg); -# if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN) && !defined(__FreeBSD__) +# if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN) && !defined(__FreeBSD__) && !defined(__QNX__) info->ipi_spec_dst = local->s_in.sin_addr; # endif info->ipi_addr.s_addr = 0; diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index c22e603b04..f587cab2f8 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c 
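Review bot: When `data->connected` is set, translate_msg now discards a caller-supplied `msg->peer` without any indication, and because `msg_name` is NULL the kernel will not populate a peer on receive either; callers that pass `peer` expecting it to be honoured or filled in get silent behaviour. A comment in the `else` branch would at least document it, e.g. `/* connected socket: the kernel supplies the peer, msg->peer is ignored */`, and if this helper serves the receive path as well (outside the hunk) that path may want to copy the stored connected peer into `msg->peer` explicitly.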
@@ -281,7 +281,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) break; } - sprintf(pidbuf, "[%lu] ", GetCurrentProcessId()); + BIO_snprintf(pidbuf, sizeof(pidbuf), "[%lu] ", GetCurrentProcessId()); lpszStrings[0] = pidbuf; lpszStrings[1] = string; diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index 17af0e0774..5733a01746 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -326,6 +326,7 @@ $code.=<<___; #if __ARM_MAX_ARCH__>=7 .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index d85da92406..6e839d845c 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -750,6 +750,7 @@ $code.=<<___; .align 2 #if __ARM_MAX_ARCH__>=7 .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl index 21ab12bdf0..1641a9880c 100755 --- a/crypto/bn/asm/armv8-mont.pl +++ b/crypto/bn/asm/armv8-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -85,10 +85,12 @@ bn_mul_mont: cmp $num,#32 b.le .Lscalar_impl #ifndef __KERNEL__ +#ifndef __AARCH64EB__ adrp x17,OPENSSL_armv8_rsa_neonized ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized] cbnz w17, bn_mul8x_mont_neon #endif +#endif .Lscalar_impl: tst $num,#7 diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index b876edbfac..862543f167 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c 
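Review bot: The new `#ifndef __AARCH64EB__` that bypasses the NEON path in bn_mul_mont carries no comment giving the reason, so a later reader may well "fix" the exclusion. Suggest `// bn_mul8x_mont_neon is little-endian only; take the scalar path on BE` — the exact constraint should be confirmed against the NEON routine, which is outside the hunk.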
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, * out by Colin Percival, * http://www.daemonology.net/hyperthreading-considered-harmful/) */ -int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, +int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { @@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, unsigned int t4 = 0; #endif - bn_check_top(a); - bn_check_top(p); - bn_check_top(m); - if (!BN_is_odd(m)) { ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; @@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; } else #endif - if (!BN_from_montgomery(rr, &tmp, mont, ctx)) + if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx)) goto err; ret = 1; err: @@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, return ret; } +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont) +{ + bn_check_top(a); + bn_check_top(p); + bn_check_top(m); + if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont)) + return 0; + bn_correct_top(rr); + return 1; +} + int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 444c5ca7a3..ae7e9d751c 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c 
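Review bot: The new internal `bn_mod_exp_mont_fixed_top` is non-static and has no comment stating how its contract differs from the public wrapper: it skips the `bn_check_top` checks and leaves `rr` with a fixed, non-normalised top via `bn_from_mont_fixed_top`, so callers must not read `rr->top` as the true length. Suggest a header comment saying exactly that above the function, plus a matching prototype in bn_local.h (not in this hunk). The wrapper's `bn_correct_top(rr)` is the variable-time normalisation the fixed-top variant deliberately avoids; saying so at the call site explains why the split exists.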
@@ -15,6 +15,7 @@ #include "bn_local.h" #ifndef OPENSSL_NO_EC2M +# include /* * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should @@ -1130,16 +1131,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, /* * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i * * x^i) into an array of integers corresponding to the bits with non-zero - * coefficient. Array is terminated with -1. Up to max elements of the array - * will be filled. Return value is total number of array elements that would - * be filled if array was large enough. + * coefficient. The array is intended to be suitable for use with + * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be + * zero. This translates to a requirement that the input BIGNUM `a` is odd. + * + * Given sufficient room, the array is terminated with -1. Up to max elements + * of the array will be filled. + * + * The return value is total number of array elements that would be filled if + * array was large enough, including the terminating `-1`. It is `0` when `a` + * is not odd or the constant term is zero contrary to requirement. + * + * The return value is also `0` when the leading exponent exceeds + * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks, */ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) { int i, j, k = 0; BN_ULONG mask; - if (BN_is_zero(a)) + if (!BN_is_odd(a)) return 0; for (i = a->top - 1; i >= 0; i--) { @@ -1157,12 +1168,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) } } - if (k < max) { - p[k] = -1; - k++; - } + if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS) + return 0; - return k; + if (k < max) + p[k] = -1; + + return k + 1; } /* diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 9070647b35..18c9d54f67 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c 
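Review bot: The new guard `if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)` reads `p[0]` whenever at least one bit was found, but `p[0]` is only written when `max >= 1`; a caller that sizes its array by passing `max == 0` (none is visible here) would read an unwritten element or dereference a NULL array. Since `p[0]` is the index of a's highest set bit, the check can be made independent of the array: `if (BN_num_bits(a) - 1 > OPENSSL_ECC_MAX_FIELD_BITS) return 0;` works for any `max` and could even run before the loop. Separately, the last sentence of the updated comment ends with a comma (`CPU exhaustion attacks,`) and should end with a period. The bit-collecting loop between the two hunks is outside this view.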
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -708,14 +708,29 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b) int i; BN_ULONG t1, t2, *ap, *bp; + ap = a->d; + bp = b->d; + + if (BN_get_flags(a, BN_FLG_CONSTTIME) + && a->top == b->top) { + int res = 0; + + for (i = 0; i < b->top; i++) { + res = constant_time_select_int(constant_time_lt_bn(ap[i], bp[i]), + -1, res); + res = constant_time_select_int(constant_time_lt_bn(bp[i], ap[i]), + 1, res); + } + return res; + } + bn_check_top(a); bn_check_top(b); i = a->top - b->top; if (i != 0) return i; - ap = a->d; - bp = b->d; + for (i = a->top - 1; i >= 0; i--) { t1 = ap[i]; t2 = bp[i]; @@ -827,11 +842,10 @@ int BN_is_bit_set(const BIGNUM *a, int n) return (int)(((a->d[i]) >> j) & ((BN_ULONG)1)); } -int BN_mask_bits(BIGNUM *a, int n) +int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n) { int b, w; - bn_check_top(a); if (n < 0) return 0; @@ -845,10 +859,21 @@ int BN_mask_bits(BIGNUM *a, int n) a->top = w + 1; a->d[w] &= ~(BN_MASK2 << b); } - bn_correct_top(a); + a->flags |= BN_FLG_FIXED_TOP; return 1; } +int BN_mask_bits(BIGNUM *a, int n) +{ + int ret; + + bn_check_top(a); + ret = ossl_bn_mask_bits_fixed_top(a, n); + if (ret) + bn_correct_top(a); + return ret; +} + void BN_set_negative(BIGNUM *a, int b) { if (b && !BN_is_zero(a)) 
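Review bot: The constant-time branch added to BN_ucmp is taken only when `a` carries BN_FLG_CONSTTIME and `a->top == b->top`; otherwise a flagged operand silently falls through to the early `return i` on the top difference and the variable-time word loop, and the flag on `b` is never consulted. None of that contract is written down in the hunk; suggest a comment above the branch, e.g. `/* Constant-time path: requires equal (fixed) tops, as guaranteed by the bn_*_fixed_top callers; otherwise fall back to the variable-time comparison below. */`. The new loop also runs from the least significant word upward and lets later words override `res`, which is correct but worth a one-line comment because it reverses the direction of the existing loop below it.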
@@ -1022,6 +1047,22 @@ int BN_is_word(const BIGNUM *a, const BN_ULONG w) return BN_abs_is_word(a, w) && (!w || !a->neg); } +int ossl_bn_is_word_fixed_top(const BIGNUM *a, const BN_ULONG w) +{ + int res, i; + const BN_ULONG *ap = a->d; + + if (a->neg || a->top == 0) + return 0; + + res = constant_time_select_int(constant_time_eq_bn(ap[0], w), 1, 0); + + for (i = 1; i < a->top; i++) + res = constant_time_select_int(constant_time_is_zero_bn(ap[i]), + res, 0); + return res; +} + int BN_is_odd(const BIGNUM *a) { return (a->top > 0) && (a->d[0] & 1); diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c index 1e9421bee2..29293bad55 100644 --- a/crypto/bn/bn_ppc.c +++ b/crypto/bn/bn_ppc.c @@ -41,12 +41,15 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, */ #if defined(_ARCH_PPC64) && !defined(__ILP32__) + /* Minerva side-channel fix danny */ +# if defined(USE_FIXED_N6) if (num == 6) { if (OPENSSL_ppccap_P & PPC_MADD300) return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); else return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); } +# endif #endif return bn_mul_mont_int(rp, ap, bp, np, n0, num); diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index a94dfcecdf..da537a07a9 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -184,8 +184,8 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range, } else { do { /* range = 11..._2 or range = 101..._2 */ - if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, - ctx)) + if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, + strength, ctx)) return 0; if (!--count) { 
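Review bot: `ossl_bn_is_word_fixed_top` returns 0 when `a->top == 0` even for `w == 0`, whereas the adjacent `BN_is_word` delegates to `BN_abs_is_word`, which treats a zero-top BIGNUM as equal to zero; if fixed-top callers never pass a zero-top value the difference is harmless, but it should be stated rather than discovered. Suggest `/* Unlike BN_is_word(), a->top == 0 is treated as "not a word" even for w == 0; fixed-top callers always supply at least one word. */` above the early return, adjusted to whatever the callers actually guarantee.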
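Review bot: The comment `/* Minerva side-channel fix danny */` in bn_ppc.c reads as a personal scratch note, and `USE_FIXED_N6` is not defined anywhere in this diff, so the net effect of the hunk is to compile out the `num == 6` fast path entirely while leaving the impression it is still selectable. Replace the comment with the actual rationale, e.g. `/* The fixed-n6 Montgomery routines are disabled by default because of a side-channel concern (presumably value-dependent timing); bn_mul_mont_int() is used unless USE_FIXED_N6 is defined explicitly. */`, and either document where USE_FIXED_N6 is meant to be set or remove the dead code.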
@@ -238,17 +238,63 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) # endif #endif +int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range, + unsigned int strength, BN_CTX *ctx) +{ + int n; + int count = 100; + + if (r == NULL) { + ERR_raise(ERR_LIB_BN, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (range->neg || BN_is_zero(range)) { + ERR_raise(ERR_LIB_BN, BN_R_INVALID_RANGE); + return 0; + } + + n = BN_num_bits(range); /* n > 0 */ + + /* BN_is_bit_set(range, n - 1) always holds */ + + if (n == 1) { + BN_zero(r); + } else { + BN_set_flags(r, BN_FLG_CONSTTIME); + do { + if (!bnrand(PRIVATE, r, n + 1, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, + strength, ctx)) + return 0; + + if (!--count) { + ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS); + return 0; + } + ossl_bn_mask_bits_fixed_top(r, n); + } + while (BN_ucmp(r, range) >= 0); +#ifdef BN_DEBUG + /* With BN_DEBUG on a fixed top number cannot be returned */ + bn_correct_top(r); +#endif + } + + return 1; +} + /* - * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike - * BN_rand_range, it also includes the contents of |priv| and |message| in - * the generation so that an RNG failure isn't fatal as long as |priv| + * ossl_bn_gen_dsa_nonce_fixed_top generates a random number 0 <= out < range. + * Unlike BN_rand_range, it also includes the contents of |priv| and |message| + * in the generation so that an RNG failure isn't fatal as long as |priv| * remains secret. This is intended for use in DSA and ECDSA where an RNG * weakness leads directly to private key exposure unless this function is * used. */ -int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, - const BIGNUM *priv, const unsigned char *message, - size_t message_len, BN_CTX *ctx) +int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, + const unsigned char *message, + size_t message_len, BN_CTX *ctx) { EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); /* 
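Review bot: `ossl_bn_priv_rand_range_fixed_top` sets BN_FLG_CONSTTIME on the caller's `r` as a lasting side effect and returns `r` with a fixed (uncorrected) top, but the function has no header comment stating either. Suggest a block comment above it along these lines: generates 0 <= r < range from private randomness; r is flagged BN_FLG_CONSTTIME and left with a fixed top, so only fixed-top-aware internal callers may use it; gives up after 100 attempts with BN_R_TOO_MANY_ITERATIONS. The `if (n == 1)` branch could also note that zero is the only value below a one-bit range, which is why no sampling is needed there.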
@@ -258,20 +304,24 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, unsigned char random_bytes[64]; unsigned char digest[SHA512_DIGEST_LENGTH]; unsigned done, todo; - /* We generate |range|+8 bytes of random output. */ - const unsigned num_k_bytes = BN_num_bytes(range) + 8; + /* We generate |range|+1 bytes of random output. */ + const unsigned num_k_bytes = BN_num_bytes(range) + 1; unsigned char private_bytes[96]; unsigned char *k_bytes = NULL; + const int max_n = 64; /* Pr(failure to generate) < 2^max_n */ + int n; int ret = 0; EVP_MD *md = NULL; OSSL_LIB_CTX *libctx = ossl_bn_get_libctx(ctx); if (mdctx == NULL) - goto err; + goto end; k_bytes = OPENSSL_malloc(num_k_bytes); if (k_bytes == NULL) - goto err; + goto end; + /* Ensure top byte is set to avoid non-constant time in bin2bn */ + k_bytes[0] = 0xff; /* We copy |priv| into a local buffer to avoid exposing its length. */ if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) { 
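Review bot: The comment `/* Pr(failure to generate) < 2^max_n */` states the bound with the wrong sign: with 64 independent rejection-sampling attempts the failure probability is below 2^-64, so it should read `const int max_n = 64; /* Pr(failure to generate) < 2^-max_n */`. It would also help to say why each attempt fails with probability below 1/2, namely that the candidate is masked to BN_num_bits(range) bits while range has its top bit set; that masking happens in the next hunk, outside this one.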
@@ -281,41 +331,60 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, * length of the private key. */ ERR_raise(ERR_LIB_BN, BN_R_PRIVATE_KEY_TOO_LARGE); - goto err; + goto end; } md = EVP_MD_fetch(libctx, "SHA512", NULL); if (md == NULL) { ERR_raise(ERR_LIB_BN, BN_R_NO_SUITABLE_DIGEST); - goto err; + goto end; } - for (done = 0; done < num_k_bytes;) { - if (RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes), 0) <= 0) - goto err; + for (n = 0; n < max_n; n++) { + unsigned char i = 0; - if (!EVP_DigestInit_ex(mdctx, md, NULL) - || !EVP_DigestUpdate(mdctx, &done, sizeof(done)) - || !EVP_DigestUpdate(mdctx, private_bytes, - sizeof(private_bytes)) - || !EVP_DigestUpdate(mdctx, message, message_len) - || !EVP_DigestUpdate(mdctx, random_bytes, sizeof(random_bytes)) - || !EVP_DigestFinal_ex(mdctx, digest, NULL)) - goto err; + for (done = 1; done < num_k_bytes;) { + if (RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes), + 0) <= 0) + goto end; - todo = num_k_bytes - done; - if (todo > SHA512_DIGEST_LENGTH) - todo = SHA512_DIGEST_LENGTH; - memcpy(k_bytes + done, digest, todo); - done += todo; + if (!EVP_DigestInit_ex(mdctx, md, NULL) + || !EVP_DigestUpdate(mdctx, &i, sizeof(i)) + || !EVP_DigestUpdate(mdctx, private_bytes, + sizeof(private_bytes)) + || !EVP_DigestUpdate(mdctx, message, message_len) + || !EVP_DigestUpdate(mdctx, random_bytes, + sizeof(random_bytes)) + || !EVP_DigestFinal_ex(mdctx, digest, NULL)) + goto end; + + todo = num_k_bytes - done; + if (todo > SHA512_DIGEST_LENGTH) + todo = SHA512_DIGEST_LENGTH; + memcpy(k_bytes + done, digest, todo); + done += todo; + ++i; + } + + if (!BN_bin2bn(k_bytes, num_k_bytes, out)) + goto end; + + /* Clear out the top bits and rejection filter into range */ + BN_set_flags(out, BN_FLG_CONSTTIME); + ossl_bn_mask_bits_fixed_top(out, BN_num_bits(range)); + + if (BN_ucmp(out, range) < 0) { + ret = 1; +#ifdef BN_DEBUG + /* With BN_DEBUG on a fixed top number cannot be returned */ + 
bn_correct_top(out); +#endif + goto end; + } } + /* Failed to generate anything */ + ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); - if (!BN_bin2bn(k_bytes, num_k_bytes, out)) - goto err; - if (BN_mod(out, out, range, ctx) != 1) - goto err; - ret = 1; - - err: + end: EVP_MD_CTX_free(mdctx); EVP_MD_free(md); OPENSSL_clear_free(k_bytes, num_k_bytes); @@ -324,3 +393,20 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); return ret; } + +int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx) +{ + int ret; + + ret = ossl_bn_gen_dsa_nonce_fixed_top(out, range, priv, message, + message_len, ctx); + /* + * This call makes the BN_generate_dsa_nonce non-const-time, thus we + * do not use it internally. But fixed_top BNs currently cannot be returned + * from public API calls. + */ + bn_correct_top(out); + return ret; +} diff --git a/crypto/bn/bn_s390x.c b/crypto/bn/bn_s390x.c index 5449143f4f..0b60f4ec1d 100644 --- a/crypto/bn/bn_s390x.c +++ b/crypto/bn/bn_s390x.c @@ -28,7 +28,7 @@ static int s390x_mod_exp_hw(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, size_t size; int res = 0; - if (OPENSSL_s390xcex == -1) + if (OPENSSL_s390xcex == -1 || OPENSSL_s390xcex_nodev) return 0; size = BN_num_bytes(m); buffer = OPENSSL_zalloc(4 * size); 
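Review bot: The per-digest domain separator `i` is now an `unsigned char` that restarts at 0 for every attempt, so it wraps after 256 digest outputs (16 KiB of `k_bytes`); the original `done` counter was an `unsigned` and had no such limit. DSA/ECDSA ranges are far smaller than that, but the assumption is silent; suggest `unsigned char i = 0; /* digest index; num_k_bytes <= 64 * 256 for any supported range */` or an explicit check that `num_k_bytes` fits. Note also that the 64 attempts differ only by fresh `random_bytes`, so an RNG that returns repeated output would yield the same candidate every time and the retry loop adds nothing in that degenerate case; that is acceptable for a rejection sampler but deserves a sentence in the loop comment. This hunk starts on the previous line and the function's prologue is in the hunk before it.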
@@ -47,12 +47,21 @@ static int s390x_mod_exp_hw(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (ioctl(OPENSSL_s390xcex, ICARSAMODEXPO, &me) != -1) { if (BN_bin2bn(me.outputdata, size, r) != NULL) res = 1; - } else if (errno == EBADF) { - /*- + } else if (errno == EBADF || errno == ENOTTY) { + /* * In this cases, someone (e.g. a sandbox) closed the fd. * Make sure to not further use this hardware acceleration. + * In case of ENOTTY the file descriptor was already reused for another + * file. Do not attempt to use or close that file descriptor anymore. */ OPENSSL_s390xcex = -1; + } else if (errno == ENODEV) { + /* + * No crypto card(s) available to handle RSA requests. + * Make sure to not further use this hardware acceleration, + * but do not close the file descriptor. + */ + OPENSSL_s390xcex_nodev = 1; } dealloc: OPENSSL_clear_free(buffer, 4 * size); @@ -75,7 +84,7 @@ int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q, size_t size, plen, qlen; int res = 0; - if (OPENSSL_s390xcex == -1) + if (OPENSSL_s390xcex == -1 || OPENSSL_s390xcex_nodev) return 0; /*- * Hardware-accelerated CRT can only deal with p>q. Fall back to 
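Review bot: The ioctl error handling added here is duplicated verbatim in s390x_crt (the @@ -115 hunk that follows): the same `EBADF || ENOTTY` and `ENODEV` branches, comments included. A `static void s390x_handle_ioctl_error(int err)` holding the two branches would keep the sites from drifting, and it is also the natural place to fix the pre-existing `In this cases` wording to `In these cases`. Both branches write the globals OPENSSL_s390xcex and OPENSSL_s390xcex_nodev without synchronisation; if several threads can reach this path (likely for RSA), that is presumably tolerated as a benign race, but a comment saying so would help.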
@@ -115,12 +124,21 @@ int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q, if (ioctl(OPENSSL_s390xcex, ICARSACRT, &crt) != -1) { if (BN_bin2bn(crt.outputdata, crt.outputdatalength, r) != NULL) res = 1; - } else if (errno == EBADF) { - /*- + } else if (errno == EBADF || errno == ENOTTY) { + /* * In this cases, someone (e.g. a sandbox) closed the fd. * Make sure to not further use this hardware acceleration. + * In case of ENOTTY the file descriptor was already reused for another + * file. Do not attempt to use or close that file descriptor anymore. */ OPENSSL_s390xcex = -1; + } else if (errno == ENODEV) { + /* + * No crypto card(s) available to handle RSA requests. + * Make sure to not further use this hardware acceleration, + * but do not close the file descriptor. + */ + OPENSSL_s390xcex_nodev = 1; } dealloc: OPENSSL_clear_free(buffer, 9 * size + 24); diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 8fcb04324e..d67331f1f6 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -156,6 +156,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) return 0; } + bn_check_top(r); + bn_check_top(a); + ret = bn_rshift_fixed_top(r, a, n); bn_correct_top(r); @@ -177,9 +180,6 @@ int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t, *f; BN_ULONG l, m, mask; - bn_check_top(r); - bn_check_top(a); - assert(n >= 0); nw = n / BN_BITS2; diff --git a/crypto/bn/rsaz_exp_x2.c b/crypto/bn/rsaz_exp_x2.c index 70705486a1..0921c1e253 100644 --- a/crypto/bn/rsaz_exp_x2.c +++ b/crypto/bn/rsaz_exp_x2.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2020-2021, Intel Corporation. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -576,11 +576,7 @@ static void to_words52(BN_ULONG *out, int out_len, out_len--; } - while (out_len > 0) { - *out = 0; - out_len--; - out++; - } + memset(out, 0, out_len * sizeof(BN_ULONG)); } static ossl_inline void put_digit(uint8_t *out, int out_len, uint64_t digit) diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl index ac32d5bda7..bb48b6eeb9 100755 --- a/crypto/chacha/asm/chacha-armv4.pl +++ b/crypto/chacha/asm/chacha-armv4.pl @@ -1155,6 +1155,7 @@ $code.=<<___; ldmia sp!,{r4-r11,pc} .size ChaCha20_neon,.-ChaCha20_neon .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ }}} diff --git a/crypto/chacha/asm/chacha-loongarch64.pl b/crypto/chacha/asm/chacha-loongarch64.pl index 161df42ffa..d608c909a6 100644 --- a/crypto/chacha/asm/chacha-loongarch64.pl +++ b/crypto/chacha/asm/chacha-loongarch64.pl @@ -1,6 +1,6 @@ #! /usr/bin/env perl # Author: Min Zhou -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -37,8 +37,9 @@ my ($xr0,$xr1,$xr2,$xr3,$xr4,$xr5,$xr6,$xr7,$xr8,$xr9,$xr10, $xr20,$xr21,$xr22,$xr23,$xr24,$xr25,$xr26,$xr27,$xr28, $xr29,$xr30,$xr31)=map("\$xr$_",(0..31)); +# $output is the last argument if it looks like a file (it has an extension) my $output; -for (@ARGV) { $output=$_ if (/\w[\w\-]*\.\w+$/); } +$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; open STDOUT,">$output"; # Input parameter block 
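Review bot: Replacing the `while (out_len > 0)` loop in to_words52 with `memset(out, 0, out_len * sizeof(BN_ULONG))` drops the implicit guard against a negative `out_len`: the loop was a no-op for negative values, whereas `out_len * sizeof(BN_ULONG)` turns a negative count into a huge size_t. Whether `out_len` can go negative depends on the decrements earlier in to_words52, which are outside the hunk; if it can, keep `if (out_len > 0) memset(out, 0, (size_t)out_len * sizeof(BN_ULONG));`, otherwise add a one-line comment stating the invariant.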
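Review bot: When the last argument does not look like a file name, `$output` in chacha-loongarch64.pl is now `undef`, but the following `open STDOUT,">$output";` still runs and tries to open an empty path instead of leaving STDOUT alone. Other OpenSSL assembly generators guard this with `$output and open STDOUT,">$output";`, which would make the new `pop`/`undef` logic actually useful rather than a latent failure.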
@@ -72,7 +73,7 @@ ChaCha20_ctr32: beqz $len,.Lno_data ori $t3,$zero,64 - la.pcrel $t0,OPENSSL_loongarch_hwcap_P + la.global $t0,OPENSSL_loongarch_hwcap_P ld.w $t0,$t0,0 bleu $len,$t3,.LChaCha20_1x # goto 1x when len <= 64 diff --git a/crypto/chacha/asm/chacha-riscv64-zvkb.pl b/crypto/chacha/asm/chacha-riscv64-zbb-zvkb.pl similarity index 52% rename from crypto/chacha/asm/chacha-riscv64-zvkb.pl rename to crypto/chacha/asm/chacha-riscv64-zbb-zvkb.pl index caa7a1a303..59db167faf 100644 --- a/crypto/chacha/asm/chacha-riscv64-zvkb.pl +++ b/crypto/chacha/asm/chacha-riscv64-zbb-zvkb.pl @@ -2,7 +2,7 @@ # This file is dual-licensed, meaning that you can use it under your # choice of either of the following two licenses: # -# Copyright 2023-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -38,6 +38,7 @@ # - RV64I # - RISC-V Vector ('V') with VLEN >= 128 # - RISC-V Vector Cryptography Bit-manipulation extension ('Zvkb') +# - RISC-V Basic Bit-manipulation extension ('Zbb') # - RISC-V Zicclsm(Main memory supports misaligned loads/stores) use strict; 
@@ -59,19 +60,30 @@ my $code = <<___; .text ___ -# void ChaCha20_ctr32_zvkb(unsigned char *out, const unsigned char *inp, -# size_t len, const unsigned int key[8], -# const unsigned int counter[4]); +# void ChaCha20_ctr32_zbb_zvkb(unsigned char *out, const unsigned char *inp, +# size_t len, const unsigned int key[8], +# const unsigned int counter[4]); ################################################################################ my ( $OUTPUT, $INPUT, $LEN, $KEY, $COUNTER ) = ( "a0", "a1", "a2", "a3", "a4" ); -my ( $T0 ) = ( "t0" ); -my ( $CONST_DATA0, $CONST_DATA1, $CONST_DATA2, $CONST_DATA3 ) = - ( "a5", "a6", "a7", "t1" ); -my ( $KEY0, $KEY1, $KEY2,$KEY3, $KEY4, $KEY5, $KEY6, $KEY7, - $COUNTER0, $COUNTER1, $NONCE0, $NONCE1 -) = ( "s0", "s1", "s2", "s3", "s4", "s5", "s6", - "s7", "s8", "s9", "s10", "s11" ); -my ( $VL, $STRIDE, $CHACHA_LOOP_COUNT ) = ( "t2", "t3", "t4" ); +my ( $CONST_DATA0, $CONST_DATA1, $CONST_DATA2, $CONST_DATA3 ) = ( "a5", "a6", + "a7", "s0" ); +my ( $KEY0, $KEY1, $KEY2, $KEY3, $KEY4, $KEY5, $KEY6, $KEY7, $COUNTER0, + $COUNTER1, $NONCE0, $NONCE1) = ( "s1", "s2", "s3", "s4", "s5", "s6", "s7", + "s8", "s9", "s10", "s11", "t0" ); +my ( $STATE0, $STATE1, $STATE2, $STATE3, + $STATE4, $STATE5, $STATE6, $STATE7, + $STATE8, $STATE9, $STATE10, $STATE11, + $STATE12, $STATE13, $STATE14, $STATE15) = ( + $CONST_DATA0, $CONST_DATA1, $CONST_DATA2, $CONST_DATA3, + $KEY0, $KEY1, $KEY2, $KEY3, + $KEY4, $KEY5, $KEY6, $KEY7, + $COUNTER0, $COUNTER1, $NONCE0, $NONCE1 ); +my ( $VL ) = ( "t1" ); +my ( $CURRENT_COUNTER ) = ( "t2" ); +my ( $T0 ) = ( "t3" ); +my ( $T1 ) = ( "t4" ); +my ( $T2 ) = ( "t5" ); +my ( $T3 ) = ( "t6" ); my ( $V0, $V1, $V2, $V3, $V4, $V5, $V6, $V7, $V8, $V9, $V10, $V11, $V12, $V13, $V14, $V15, $V16, $V17, $V18, $V19, $V20, $V21, 
@@ -80,63 +92,118 @@ my ( sub chacha_quad_round_group { my ( - $A0, $B0, $C0, $D0, $A1, $B1, $C1, $D1, - $A2, $B2, $C2, $D2, $A3, $B3, $C3, $D3 + $A0, $B0, $C0, $D0, + $A1, $B1, $C1, $D1, + $A2, $B2, $C2, $D2, + $A3, $B3, $C3, $D3, + + $S_A0, $S_B0, $S_C0, $S_D0, + $S_A1, $S_B1, $S_C1, $S_D1, + $S_A2, $S_B2, $S_C2, $S_D2, + $S_A3, $S_B3, $S_C3, $S_D3, ) = @_; my $code = <<___; # a += b; d ^= a; d <<<= 16; @{[vadd_vv $A0, $A0, $B0]} + add $S_A0, $S_A0, $S_B0 @{[vadd_vv $A1, $A1, $B1]} + add $S_A1, $S_A1, $S_B1 @{[vadd_vv $A2, $A2, $B2]} + add $S_A2, $S_A2, $S_B2 @{[vadd_vv $A3, $A3, $B3]} + add $S_A3, $S_A3, $S_B3 @{[vxor_vv $D0, $D0, $A0]} + xor $S_D0, $S_D0, $S_A0 @{[vxor_vv $D1, $D1, $A1]} + xor $S_D1, $S_D1, $S_A1 @{[vxor_vv $D2, $D2, $A2]} + xor $S_D2, $S_D2, $S_A2 @{[vxor_vv $D3, $D3, $A3]} + xor $S_D3, $S_D3, $S_A3 @{[vror_vi $D0, $D0, 32 - 16]} + @{[roriw $S_D0, $S_D0, 32 - 16]} @{[vror_vi $D1, $D1, 32 - 16]} + @{[roriw $S_D1, $S_D1, 32 - 16]} @{[vror_vi $D2, $D2, 32 - 16]} + @{[roriw $S_D2, $S_D2, 32 - 16]} @{[vror_vi $D3, $D3, 32 - 16]} + @{[roriw $S_D3, $S_D3, 32 - 16]} # c += d; b ^= c; b <<<= 12; @{[vadd_vv $C0, $C0, $D0]} + add $S_C0, $S_C0, $S_D0 @{[vadd_vv $C1, $C1, $D1]} + add $S_C1, $S_C1, $S_D1 @{[vadd_vv $C2, $C2, $D2]} + add $S_C2, $S_C2, $S_D2 @{[vadd_vv $C3, $C3, $D3]} + add $S_C3, $S_C3, $S_D3 @{[vxor_vv $B0, $B0, $C0]} + xor $S_B0, $S_B0, $S_C0 @{[vxor_vv $B1, $B1, $C1]} + xor $S_B1, $S_B1, $S_C1 @{[vxor_vv $B2, $B2, $C2]} + xor $S_B2, $S_B2, $S_C2 @{[vxor_vv $B3, $B3, $C3]} + xor $S_B3, $S_B3, $S_C3 @{[vror_vi $B0, $B0, 32 - 12]} + @{[roriw $S_B0, $S_B0, 32 - 12]} @{[vror_vi $B1, $B1, 32 - 12]} + @{[roriw $S_B1, $S_B1, 32 - 12]} @{[vror_vi $B2, $B2, 32 - 12]} + @{[roriw $S_B2, $S_B2, 32 - 12]} @{[vror_vi $B3, $B3, 32 - 12]} + @{[roriw $S_B3, $S_B3, 32 - 12]} # a += b; d ^= a; d <<<= 8; @{[vadd_vv $A0, $A0, $B0]} + add $S_A0, $S_A0, $S_B0 @{[vadd_vv $A1, $A1, $B1]} + add $S_A1, $S_A1, $S_B1 @{[vadd_vv $A2, $A2, $B2]} + add $S_A2, $S_A2, 
$S_B2 @{[vadd_vv $A3, $A3, $B3]} + add $S_A3, $S_A3, $S_B3 @{[vxor_vv $D0, $D0, $A0]} + xor $S_D0, $S_D0, $S_A0 @{[vxor_vv $D1, $D1, $A1]} + xor $S_D1, $S_D1, $S_A1 @{[vxor_vv $D2, $D2, $A2]} + xor $S_D2, $S_D2, $S_A2 @{[vxor_vv $D3, $D3, $A3]} + xor $S_D3, $S_D3, $S_A3 @{[vror_vi $D0, $D0, 32 - 8]} + @{[roriw $S_D0, $S_D0, 32 - 8]} @{[vror_vi $D1, $D1, 32 - 8]} + @{[roriw $S_D1, $S_D1, 32 - 8]} @{[vror_vi $D2, $D2, 32 - 8]} + @{[roriw $S_D2, $S_D2, 32 - 8]} @{[vror_vi $D3, $D3, 32 - 8]} + @{[roriw $S_D3, $S_D3, 32 - 8]} # c += d; b ^= c; b <<<= 7; @{[vadd_vv $C0, $C0, $D0]} + add $S_C0, $S_C0, $S_D0 @{[vadd_vv $C1, $C1, $D1]} + add $S_C1, $S_C1, $S_D1 @{[vadd_vv $C2, $C2, $D2]} + add $S_C2, $S_C2, $S_D2 @{[vadd_vv $C3, $C3, $D3]} + add $S_C3, $S_C3, $S_D3 @{[vxor_vv $B0, $B0, $C0]} + xor $S_B0, $S_B0, $S_C0 @{[vxor_vv $B1, $B1, $C1]} + xor $S_B1, $S_B1, $S_C1 @{[vxor_vv $B2, $B2, $C2]} + xor $S_B2, $S_B2, $S_C2 @{[vxor_vv $B3, $B3, $C3]} + xor $S_B3, $S_B3, $S_C3 @{[vror_vi $B0, $B0, 32 - 7]} + @{[roriw $S_B0, $S_B0, 32 - 7]} @{[vror_vi $B1, $B1, 32 - 7]} + @{[roriw $S_B1, $S_B1, 32 - 7]} @{[vror_vi $B2, $B2, 32 - 7]} + @{[roriw $S_B2, $S_B2, 32 - 7]} @{[vror_vi $B3, $B3, 32 - 7]} + @{[roriw $S_B3, $S_B3, 32 - 7]} ___ return $code; @@ -144,12 +211,9 @@ ___ $code .= <<___; .p2align 3 -.globl ChaCha20_ctr32_zvkb -.type ChaCha20_ctr32_zvkb,\@function -ChaCha20_ctr32_zvkb: - srli $LEN, $LEN, 6 - beqz $LEN, .Lend - +.globl ChaCha20_ctr32_zbb_zvkb +.type ChaCha20_ctr32_zbb_zvkb,\@function +ChaCha20_ctr32_zbb_zvkb: addi sp, sp, -96 sd s0, 0(sp) sd s1, 8(sp) 
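Review bot: Dropping `srli $LEN, $LEN, 6` / `beqz $LEN, .Lend` means ChaCha20_ctr32_zbb_zvkb no longer handles a zero or sub-block `len` itself; the caller in chacha_riscv.c now gates the call on `len > CHACHA_BLK_SIZE`, but nothing in the prototype comment above the function says so. Suggest extending that comment with `# Requires len > 64: one block is always peeled off for the scalar ALU and the rest go through the vector unit; shorter inputs must be routed to ChaCha20_ctr32_c.` The function body continues in the next hunk.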
@@ -163,139 +227,232 @@ ChaCha20_ctr32_zvkb: sd s9, 72(sp) sd s10, 80(sp) sd s11, 88(sp) + addi sp, sp, -64 - li $STRIDE, 64 - - #### chacha block data - # "expa" little endian - li $CONST_DATA0, 0x61707865 - # "nd 3" little endian - li $CONST_DATA1, 0x3320646e - # "2-by" little endian - li $CONST_DATA2, 0x79622d32 - # "te k" little endian - li $CONST_DATA3, 0x6b206574 - - lw $KEY0, 0($KEY) - lw $KEY1, 4($KEY) - lw $KEY2, 8($KEY) - lw $KEY3, 12($KEY) - lw $KEY4, 16($KEY) - lw $KEY5, 20($KEY) - lw $KEY6, 24($KEY) - lw $KEY7, 28($KEY) - - lw $COUNTER0, 0($COUNTER) - lw $COUNTER1, 4($COUNTER) - lw $NONCE0, 8($COUNTER) - lw $NONCE1, 12($COUNTER) + lw $CURRENT_COUNTER, 0($COUNTER) .Lblock_loop: - @{[vsetvli $VL, $LEN, "e32", "m1", "ta", "ma"]} + # We will use the scalar ALU for 1 chacha block. + srli $T0, $LEN, 6 + @{[vsetvli $VL, $T0, "e32", "m1", "ta", "ma"]} + slli $T1, $VL, 6 + bltu $T1, $LEN, 1f + # Since there is no more chacha block existed, we need to split 1 block + # from vector ALU. 
+ addi $T1, $VL, -1 + @{[vsetvli $VL, $T1, "e32", "m1", "ta", "ma"]} +1: + #### chacha block data # init chacha const states + # "expa" little endian + li $CONST_DATA0, 0x61707865 @{[vmv_v_x $V0, $CONST_DATA0]} + # "nd 3" little endian + li $CONST_DATA1, 0x3320646e @{[vmv_v_x $V1, $CONST_DATA1]} + # "2-by" little endian + li $CONST_DATA2, 0x79622d32 @{[vmv_v_x $V2, $CONST_DATA2]} + # "te k" little endian + li $CONST_DATA3, 0x6b206574 + lw $KEY0, 0($KEY) @{[vmv_v_x $V3, $CONST_DATA3]} # init chacha key states + lw $KEY1, 4($KEY) @{[vmv_v_x $V4, $KEY0]} + lw $KEY2, 8($KEY) @{[vmv_v_x $V5, $KEY1]} + lw $KEY3, 12($KEY) @{[vmv_v_x $V6, $KEY2]} + lw $KEY4, 16($KEY) @{[vmv_v_x $V7, $KEY3]} + lw $KEY5, 20($KEY) @{[vmv_v_x $V8, $KEY4]} + lw $KEY6, 24($KEY) @{[vmv_v_x $V9, $KEY5]} + lw $KEY7, 28($KEY) @{[vmv_v_x $V10, $KEY6]} @{[vmv_v_x $V11, $KEY7]} # init chacha key states + lw $COUNTER1, 4($COUNTER) @{[vid_v $V12]} - @{[vadd_vx $V12, $V12, $COUNTER0]} + lw $NONCE0, 8($COUNTER) + @{[vadd_vx $V12, $V12, $CURRENT_COUNTER]} + lw $NONCE1, 12($COUNTER) @{[vmv_v_x $V13, $COUNTER1]} + add $COUNTER0, $CURRENT_COUNTER, $VL # init chacha nonce states @{[vmv_v_x $V14, $NONCE0]} @{[vmv_v_x $V15, $NONCE1]} + li $T0, 64 # load the top-half of input data - @{[vlsseg_nf_e32_v 8, $V16, $INPUT, $STRIDE]} + @{[vlsseg_nf_e32_v 8, $V16, $INPUT, $T0]} - li $CHACHA_LOOP_COUNT, 10 + # 20 round groups + li $T0, 10 .Lround_loop: - addi $CHACHA_LOOP_COUNT, $CHACHA_LOOP_COUNT, -1 + addi $T0, $T0, -1 @{[chacha_quad_round_group $V0, $V4, $V8, $V12, $V1, $V5, $V9, $V13, $V2, $V6, $V10, $V14, - $V3, $V7, $V11, $V15]} + $V3, $V7, $V11, $V15, + $STATE0, $STATE4, $STATE8, $STATE12, + $STATE1, $STATE5, $STATE9, $STATE13, + $STATE2, $STATE6, $STATE10, $STATE14, + $STATE3, $STATE7, $STATE11, $STATE15]} @{[chacha_quad_round_group + $V3, $V4, $V9, $V14, $V0, $V5, $V10, $V15, $V1, $V6, $V11, $V12, $V2, $V7, $V8, $V13, - $V3, $V4, $V9, $V14]} - bnez $CHACHA_LOOP_COUNT, .Lround_loop + $STATE3, $STATE4, $STATE9, 
$STATE14, + $STATE0, $STATE5, $STATE10, $STATE15, + $STATE1, $STATE6, $STATE11, $STATE12, + $STATE2, $STATE7, $STATE8, $STATE13]} + bnez $T0, .Lround_loop + li $T0, 64 # load the bottom-half of input data - addi $T0, $INPUT, 32 - @{[vlsseg_nf_e32_v 8, $V24, $T0, $STRIDE]} + addi $T1, $INPUT, 32 + @{[vlsseg_nf_e32_v 8, $V24, $T1, $T0]} # add chacha top-half initial block states - @{[vadd_vx $V0, $V0, $CONST_DATA0]} - @{[vadd_vx $V1, $V1, $CONST_DATA1]} - @{[vadd_vx $V2, $V2, $CONST_DATA2]} - @{[vadd_vx $V3, $V3, $CONST_DATA3]} - @{[vadd_vx $V4, $V4, $KEY0]} - @{[vadd_vx $V5, $V5, $KEY1]} - @{[vadd_vx $V6, $V6, $KEY2]} - @{[vadd_vx $V7, $V7, $KEY3]} + # "expa" little endian + li $T0, 0x61707865 + @{[vadd_vx $V0, $V0, $T0]} + add $STATE0, $STATE0, $T0 + # "nd 3" little endian + li $T1, 0x3320646e + @{[vadd_vx $V1, $V1, $T1]} + add $STATE1, $STATE1, $T1 + lw $T0, 0($KEY) + # "2-by" little endian + li $T2, 0x79622d32 + @{[vadd_vx $V2, $V2, $T2]} + add $STATE2, $STATE2, $T2 + lw $T1, 4($KEY) + # "te k" little endian + li $T3, 0x6b206574 + @{[vadd_vx $V3, $V3, $T3]} + add $STATE3, $STATE3, $T3 + lw $T2, 8($KEY) + @{[vadd_vx $V4, $V4, $T0]} + add $STATE4, $STATE4, $T0 + lw $T3, 12($KEY) + @{[vadd_vx $V5, $V5, $T1]} + add $STATE5, $STATE5, $T1 + @{[vadd_vx $V6, $V6, $T2]} + add $STATE6, $STATE6, $T2 + @{[vadd_vx $V7, $V7, $T3]} + add $STATE7, $STATE7, $T3 + # xor with the top-half input @{[vxor_vv $V16, $V16, $V0]} + sw $STATE0, 0(sp) + sw $STATE1, 4(sp) @{[vxor_vv $V17, $V17, $V1]} + sw $STATE2, 8(sp) + sw $STATE3, 12(sp) @{[vxor_vv $V18, $V18, $V2]} + sw $STATE4, 16(sp) + sw $STATE5, 20(sp) @{[vxor_vv $V19, $V19, $V3]} + sw $STATE6, 24(sp) + sw $STATE7, 28(sp) @{[vxor_vv $V20, $V20, $V4]} + lw $T0, 16($KEY) @{[vxor_vv $V21, $V21, $V5]} + lw $T1, 20($KEY) @{[vxor_vv $V22, $V22, $V6]} + lw $T2, 24($KEY) @{[vxor_vv $V23, $V23, $V7]} # save the top-half of output - @{[vssseg_nf_e32_v 8, $V16, $OUTPUT, $STRIDE]} + li $T3, 64 + @{[vssseg_nf_e32_v 8, $V16, $OUTPUT, $T3]} # add 
chacha bottom-half initial block states - @{[vadd_vx $V8, $V8, $KEY4]} - @{[vadd_vx $V9, $V9, $KEY5]} - @{[vadd_vx $V10, $V10, $KEY6]} - @{[vadd_vx $V11, $V11, $KEY7]} + @{[vadd_vx $V8, $V8, $T0]} + add $STATE8, $STATE8, $T0 + lw $T3, 28($KEY) + @{[vadd_vx $V9, $V9, $T1]} + add $STATE9, $STATE9, $T1 + lw $T0, 4($COUNTER) + @{[vadd_vx $V10, $V10, $T2]} + add $STATE10, $STATE10, $T2 + lw $T1, 8($COUNTER) + @{[vadd_vx $V11, $V11, $T3]} + add $STATE11, $STATE11, $T3 + lw $T2, 12($COUNTER) @{[vid_v $V0]} - @{[vadd_vx $V12, $V12, $COUNTER0]} - @{[vadd_vx $V13, $V13, $COUNTER1]} - @{[vadd_vx $V14, $V14, $NONCE0]} - @{[vadd_vx $V15, $V15, $NONCE1]} + add $STATE12, $STATE12, $CURRENT_COUNTER + @{[vadd_vx $V12, $V12, $CURRENT_COUNTER]} + add $STATE12, $STATE12, $VL + @{[vadd_vx $V13, $V13, $T0]} + add $STATE13, $STATE13, $T0 + @{[vadd_vx $V14, $V14, $T1]} + add $STATE14, $STATE14, $T1 + @{[vadd_vx $V15, $V15, $T2]} + add $STATE15, $STATE15, $T2 @{[vadd_vv $V12, $V12, $V0]} # xor with the bottom-half input @{[vxor_vv $V24, $V24, $V8]} + sw $STATE8, 32(sp) @{[vxor_vv $V25, $V25, $V9]} + sw $STATE9, 36(sp) @{[vxor_vv $V26, $V26, $V10]} + sw $STATE10, 40(sp) @{[vxor_vv $V27, $V27, $V11]} + sw $STATE11, 44(sp) @{[vxor_vv $V29, $V29, $V13]} + sw $STATE12, 48(sp) @{[vxor_vv $V28, $V28, $V12]} + sw $STATE13, 52(sp) @{[vxor_vv $V30, $V30, $V14]} + sw $STATE14, 56(sp) @{[vxor_vv $V31, $V31, $V15]} + sw $STATE15, 60(sp) # save the bottom-half of output - addi $T0, $OUTPUT, 32 - @{[vssseg_nf_e32_v 8, $V24, $T0, $STRIDE]} + li $T0, 64 + addi $T1, $OUTPUT, 32 + @{[vssseg_nf_e32_v 8, $V24, $T1, $T0]} - # update counter - add $COUNTER0, $COUNTER0, $VL - sub $LEN, $LEN, $VL - # increase offset for `4 * 16 * VL = 64 * VL` + # the computed vector parts: `64 * VL` slli $T0, $VL, 6 + add $INPUT, $INPUT, $T0 add $OUTPUT, $OUTPUT, $T0 + sub $LEN, $LEN, $T0 + add $CURRENT_COUNTER, $CURRENT_COUNTER, $VL + + # process the scalar data block + addi $CURRENT_COUNTER, $CURRENT_COUNTER, 1 + li $T0, 64 + 
@{[minu $T1, $LEN, $T0]} + sub $LEN, $LEN, $T1 + mv $T2, sp +.Lscalar_data_loop: + @{[vsetvli $VL, $T1, "e8", "m8", "ta", "ma"]} + @{[vle8_v $V8, $INPUT]} + @{[vle8_v $V16, $T2]} + @{[vxor_vv $V8, $V8, $V16]} + @{[vse8_v $V8, $OUTPUT]} + add $INPUT, $INPUT, $VL + add $OUTPUT, $OUTPUT, $VL + add $T2, $T2, $VL + sub $T1, $T1, $VL + bnez $T1, .Lscalar_data_loop + bnez $LEN, .Lblock_loop + addi sp, sp, 64 ld s0, 0(sp) ld s1, 8(sp) ld s2, 16(sp) @@ -310,9 +467,8 @@ ChaCha20_ctr32_zvkb: ld s11, 88(sp) addi sp, sp, 96 -.Lend: ret -.size ChaCha20_ctr32_zvkb,.-ChaCha20_ctr32_zvkb +.size ChaCha20_ctr32_zbb_zvkb,.-ChaCha20_ctr32_zbb_zvkb ___ print $code; diff --git a/crypto/chacha/asm/chachap10-ppc.pl b/crypto/chacha/asm/chachap10-ppc.pl index 54a1dd4590..7b869edd5b 100755 --- a/crypto/chacha/asm/chachap10-ppc.pl +++ b/crypto/chacha/asm/chachap10-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1032,10 +1032,10 @@ $code.=<<___; vadduwm $xcn0,$xcn4,@K[2] vadduwm $xdn0,$xdn4,@K[3] - be?vperm $xan0,$xa4,$xa4,$beperm - be?vperm $xbn0,$xb4,$xb4,$beperm - be?vperm $xcn0,$xcn4,$xcn4,$beperm - be?vperm $xdn0,$xdn4,$xdn4,$beperm + be?vperm $xan0,$xan0,$xan0,$beperm + be?vperm $xbn0,$xbn0,$xbn0,$beperm + be?vperm $xcn0,$xcn0,$xcn0,$beperm + be?vperm $xdn0,$xdn0,$xdn0,$beperm ${UCMP}i $len,0x40 blt Ltail_vsx_8x_1 diff --git a/crypto/chacha/build.info b/crypto/chacha/build.info index fb30b7f74f..c1352c9b62 100644 --- a/crypto/chacha/build.info +++ b/crypto/chacha/build.info 
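Review bot: The 64-byte scalar keystream block written to `0(sp)`..`60(sp)` is released with `addi sp, sp, 64` without being cleared, so one block of key-derived keystream remains on the stack after return. Whether that matters depends on the project's stack-hygiene expectations for assembly routines, which are not visible here; if it does, zeroing the buffer before the `addi` (eight `sd zero, N(sp)` stores, or a `vse8.v` of 64 zero bytes) is cheap. The comment `# Since there is no more chacha block existed, we need to split 1 block` would also read better as `# No further full vector block remains, so hand the last block to the scalar ALU instead`. This hunk's function starts in the previous hunk.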
@@ -22,7 +22,7 @@ IF[{- !$disabled{asm} -}] $CHACHAASM_c64xplus=chacha-c64xplus.s - $CHACHAASM_riscv64=chacha_riscv.c chacha_enc.c chacha-riscv64-zvkb.s + $CHACHAASM_riscv64=chacha_riscv.c chacha_enc.c chacha-riscv64-zbb-zvkb.s $CHACHADEF_riscv64=INCLUDE_C_CHACHA20 # Now that we have defined all the arch specific variables, use the @@ -53,4 +53,4 @@ GENERATE[chacha-s390x.S]=asm/chacha-s390x.pl GENERATE[chacha-ia64.S]=asm/chacha-ia64.pl GENERATE[chacha-ia64.s]=chacha-ia64.S GENERATE[chacha-loongarch64.S]=asm/chacha-loongarch64.pl -GENERATE[chacha-riscv64-zvkb.s]=asm/chacha-riscv64-zvkb.pl +GENERATE[chacha-riscv64-zbb-zvkb.s]=asm/chacha-riscv64-zbb-zvkb.pl diff --git a/crypto/chacha/chacha_riscv.c b/crypto/chacha/chacha_riscv.c index 729a6282d2..06e0400ba4 100644 --- a/crypto/chacha/chacha_riscv.c +++ b/crypto/chacha/chacha_riscv.c @@ -2,7 +2,7 @@ * This file is dual-licensed, meaning that you can use it under your * choice of either of the following two licenses: * - * Copyright 2023-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -40,15 +40,16 @@ #include "crypto/chacha.h" #include "crypto/riscv_arch.h" -void ChaCha20_ctr32_zvkb(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); +void ChaCha20_ctr32_zbb_zvkb(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]); void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len, const unsigned int key[8], const unsigned int counter[4]) { - if (RISCV_HAS_ZVKB() && riscv_vlen() >= 128) { - ChaCha20_ctr32_zvkb(out, inp, len, key, counter); + if (len > CHACHA_BLK_SIZE && RISCV_HAS_ZVKB() && RISCV_HAS_ZBB() && + riscv_vlen() >= 128) { + ChaCha20_ctr32_zbb_zvkb(out, inp, len, key, counter); } else { ChaCha20_ctr32_c(out, inp, len, key, counter); } diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 95e531f68b..2012774f8d 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c index 3049d4f080..3285cbf424 100644 --- a/crypto/cmp/cmp_asn.c +++ b/crypto/cmp/cmp_asn.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
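Review bot: The new `len > CHACHA_BLK_SIZE` guard is now load-bearing for the assembly routine, because the same commit removes the `.Lend` early-exit label from `ChaCha20_ctr32_zbb_zvkb` (the `@@ -310,9 +467,8 @@` hunk), yet nothing in the dispatcher records that dependency. A one-line comment at the condition would keep the two files in step: `/* the zbb_zvkb routine has no short-input exit; it relies on len > CHACHA_BLK_SIZE here */`. The assembly appears to handle a partial trailing block itself via its `.Lscalar_data_loop`, so the dispatcher no longer needs to gate on block alignment, but that is worth confirming since that loop starts outside the visible hunk.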
@@ -287,23 +287,30 @@ OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew, const X509 *oldWithNew) { OSSL_CMP_ITAV *itav; - OSSL_CMP_ROOTCAKEYUPDATE *upd = OSSL_CMP_ROOTCAKEYUPDATE_new(); + OSSL_CMP_ROOTCAKEYUPDATE *upd = NULL; + + if (newWithNew != NULL) { + upd = OSSL_CMP_ROOTCAKEYUPDATE_new(); + if (upd == NULL) + return NULL; + + if ((upd->newWithNew = X509_dup(newWithNew)) == NULL) + goto err; + if (newWithOld != NULL + && (upd->newWithOld = X509_dup(newWithOld)) == NULL) + goto err; + if (oldWithNew != NULL + && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL) + goto err; + } - if (upd == NULL) - return NULL; - if (newWithNew != NULL && (upd->newWithNew = X509_dup(newWithNew)) == NULL) - goto err; - if (newWithOld != NULL && (upd->newWithOld = X509_dup(newWithOld)) == NULL) - goto err; - if (oldWithNew != NULL && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL) - goto err; if ((itav = OSSL_CMP_ITAV_new()) == NULL) goto err; itav->infoType = OBJ_nid2obj(NID_id_it_rootCaKeyUpdate); itav->infoValue.rootCaKeyUpdate = upd; return itav; - err: + err: OSSL_CMP_ROOTCAKEYUPDATE_free(upd); return NULL; } @@ -324,11 +331,11 @@ int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, return 0; } upd = itav->infoValue.rootCaKeyUpdate; - *newWithNew = upd->newWithNew; + *newWithNew = upd != NULL ? upd->newWithNew : NULL; if (newWithOld != NULL) - *newWithOld = upd->newWithOld; + *newWithOld = upd != NULL ? upd->newWithOld : NULL; if (oldWithNew != NULL) - *oldWithNew = upd->oldWithNew; + *oldWithNew = upd != NULL ? upd->oldWithNew : NULL; return 1; } diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index 5026400b1a..dc87b3e712 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
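Review bot: When `newWithNew` is NULL the new code silently discards a non-NULL `newWithOld` or `oldWithNew`, because all three `X509_dup` calls now sit inside the `if (newWithNew != NULL)` block, whereas before each certificate was copied independently. If an absent `rootCaKeyUpdate` (`upd == NULL`) is the intended encoding for "no update", that should either be enforced by rejecting calls that pass only the secondary certificates, or stated in a comment above the block, e.g. `/* rootCaKeyUpdate is omitted (upd stays NULL) when there is no newWithNew; newWithOld/oldWithNew are ignored in that case */`. The same `upd == NULL` convention is what `OSSL_CMP_ITAV_get0_rootCaKeyUpdate` in the following hunk now tolerates, so the comment belongs where the convention is created.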
@@ -106,9 +106,12 @@ static int save_statusInfo(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si) ss = si->statusString; /* may be NULL */ for (i = 0; i < sk_ASN1_UTF8STRING_num(ss); i++) { ASN1_UTF8STRING *str = sk_ASN1_UTF8STRING_value(ss, i); + ASN1_UTF8STRING *dup = ASN1_STRING_dup(str); - if (!sk_ASN1_UTF8STRING_push(ctx->statusString, ASN1_STRING_dup(str))) + if (dup == NULL || !sk_ASN1_UTF8STRING_push(ctx->statusString, dup)) { + ASN1_UTF8STRING_free(dup); return 0; + } } return 1; } @@ -733,8 +736,10 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, ERR_add_error_data(1, "; cannot extract certificate from response"); return 0; } - if (!ossl_cmp_ctx_set0_newCert(ctx, cert)) + if (!ossl_cmp_ctx_set0_newCert(ctx, cert)) { + X509_free(cert); return 0; + } /* * if the CMP server returned certificates in the caPubs field, copy them diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 3f4fdd0164..7b78ab1603 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c index 30095aa7c5..56ac3691d7 100644 --- a/crypto/cmp/cmp_err.c +++ b/crypto/cmp/cmp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cmp/cmp_genm.c b/crypto/cmp/cmp_genm.c index dad6ef1189..5986036f57 100644 --- a/crypto/cmp/cmp_genm.c +++ b/crypto/cmp/cmp_genm.c 
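Review bot: The new local `ASN1_UTF8STRING *dup` in `save_statusInfo` shadows the POSIX function `dup()` whenever `<unistd.h>` is in scope, which triggers `-Wshadow` on some compilers; a name such as `str_copy` avoids that: `ASN1_UTF8STRING *str_copy = ASN1_STRING_dup(str);`. Whether `<unistd.h>` is reachable through the headers included by cmp_client.c is not visible in this hunk. The leak fix itself looks right, since `ASN1_UTF8STRING_free(dup)` is a no-op when `dup` is NULL.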
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2022 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -307,9 +307,11 @@ int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, if (!OSSL_CMP_ITAV_get0_rootCaKeyUpdate(itav, newWithNew, &my_newWithOld, &my_oldWithNew)) goto end; - - if (*newWithNew == NULL) /* no root CA cert update available */ + /* no root CA cert update available */ + if (*newWithNew == NULL) { + res = 1; goto end; + } if ((oldWithOld_copy = X509_dup(oldWithOld)) == NULL && oldWithOld != NULL) goto end; if (!verify_ss_cert_trans(ctx, oldWithOld_copy, my_newWithOld, diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index edec8808a7..89f05d7536 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 8a7fb129db..4ba7b81087 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index cfbd3d8300..47bf38b2af 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2020 * Copyright Siemens AG 2015-2020 * 
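Review bot: `OSSL_CMP_get1_rootCaKeyUpdate` now returns 1 with `*newWithNew == NULL` to mean "no root CA key update available", so callers can no longer treat a NULL output as failure; this contract change is not described in the hunk. The function's public documentation should state that a successful return with `*newWithNew` left NULL means the server offered no update, and the new assignment deserves a comment: `res = 1; /* success: no root CA key update offered; *newWithNew stays NULL */`. The function starts and ends outside the hunk, so other early exits that set `res` are not visible here.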
@@ -632,7 +632,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) default: scrt = ctx->srvCert; if (scrt == NULL) { - if (ctx->trusted == NULL) { + if (ctx->trusted == NULL && ctx->secretValue != NULL) { ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection"); ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR); return 0; diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index bc6b2769f9..ecf5a44793 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -51,6 +51,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, EVP_PKEY_free(si->pkey); X509_free(si->signer); EVP_MD_CTX_free(si->mctx); + EVP_PKEY_CTX_free(si->pctx); } return 1; } 
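Review bot: The added `ctx->secretValue != NULL` condition changes when `CMP_R_MISSING_TRUST_ANCHOR` is raised, but the info message on the next line still says only that no trust store or pinned server certificate is available, so the log no longer explains why a configured shared secret is what decides the outcome. A comment above the `if` stating the rationale (presumably: a configured secret means MAC-based protection was expected, so signature-based protection without any trust anchor is refused outright) should be added, and the message text adjusted to match. When both `trusted` and `secretValue` are NULL the code now falls through to logic outside this hunk, which presumably performs its own checks on the signer certificate; that path is worth confirming.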
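Review bot: `cms_si_cb` now frees `si->pctx`, which is only correct because the same commit marks the signer's `mctx` with `EVP_MD_CTX_FLAG_KEEP_PKEY_CTX` in cms_sd.c so that the `EVP_MD_CTX_free(si->mctx)` on the line above no longer releases it; that ownership rule is not recorded here. A comment next to the new line would keep the two files in step: `/* mctx is created with EVP_MD_CTX_FLAG_KEEP_PKEY_CTX, so pctx is owned by the SignerInfo and freed here */`. Any path that installs a `pctx` into `mctx` without setting that flag would make this a double free after `EVP_MD_CTX_free`, so every `EVP_Digest*Init_ex` call site on `si->mctx` needs the flag, not only the ones visible in the cms_sd.c hunks.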
@@ -90,11 +91,21 @@ ASN1_SEQUENCE(CMS_OriginatorInfo) = { ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } static_ASN1_SEQUENCE_END(CMS_OriginatorInfo) -ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { +static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval; + + if (operation == ASN1_OP_FREE_POST) + OPENSSL_clear_free(ec->key, ec->keylen); + return 1; +} + +ASN1_NDEF_SEQUENCE_cb(CMS_EncryptedContentInfo, cms_ec_cb) = { ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT), ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR), ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0) -} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo) +} ASN1_NDEF_SEQUENCE_END_cb(CMS_EncryptedContentInfo, CMS_EncryptedContentInfo) ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = { ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32), @@ -318,6 +329,10 @@ static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, return 0; break; + case ASN1_OP_FREE_POST: + OPENSSL_free(cms->ctx.propq); + break; + } return 1; } diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c index 6c7fb349f5..64acda7263 100644 --- a/crypto/cms/cms_att.c +++ b/crypto/cms/cms_att.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index c6e8c076da..402fc8cc9f 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c 
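Review bot: `cms_ec_cb` wipes `ec->key` on `ASN1_OP_FREE_POST`, but nothing says why an ASN.1 callback has to touch a field the template does not describe; the removed `ossl_cms_env_enc_content_free` in cms_env.c carried that knowledge and is gone. A comment above the `OPENSSL_clear_free` call would preserve it: `/* key/keylen are runtime-only fields, not part of the encoding, that may hold the content-encryption key; wipe them whenever the structure is freed */`. Unlike the old helper, which ran only when `cms_get_enveloped_type_simple` was non-zero, this callback runs for every `CMS_EncryptedContentInfo`; that widening looks intended but is worth stating in the same comment.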
@@ -35,7 +35,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, if (OBJ_obj2nid(aoid) != NID_dhpublicnumber) goto err; /* Only absent parameters allowed in RFC XXXX */ - if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL) + if (atype != V_ASN1_UNDEF && atype != V_ASN1_NULL) goto err; pk = EVP_PKEY_CTX_get0_pkey(pctx); diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index b877e10619..2d87738ee4 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -51,15 +51,6 @@ static int cms_get_enveloped_type(const CMS_ContentInfo *cms) return ret; } -void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf) -{ - if (cms_get_enveloped_type_simple(cinf) != 0) { - CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cinf); - if (ec != NULL) - OPENSSL_clear_free(ec->key, ec->keylen); - } -} - CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms) { if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { @@ -289,8 +280,10 @@ BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data, secret == NULL ? cert : NULL, detached_data, bio, flags); end: - if (ci != NULL) + if (ci != NULL) { ci->d.envelopedData = NULL; /* do not indirectly free |env| */ + ci->contentType = NULL; + } CMS_ContentInfo_free(ci); if (!res) { BIO_free(bio); diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index 40aeb7088c..98d6bea5f0 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c 
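Review bot: The corrected condition accepts both absent and NULL parameters, but the comment directly above it still reads `/* Only absent parameters allowed in RFC XXXX */` with a placeholder RFC number, so comment and code now disagree. Update it to describe what is actually accepted, e.g. `/* Parameters must be absent or NULL; any other encoding is rejected */`, and fill in the real RFC reference if one is intended. The old test `atype == V_ASN1_NULL` rejected exactly the NULL case and let every other parameter type through, so this fix also tightens what `dh_cms_set_peerkey` accepts from peer keys, which should be noted in the commit message if it is not already.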
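Review bot: The new `ci->contentType = NULL;` in `CMS_EnvelopedData_decrypt` has no explanation, while the neighbouring line documents why `envelopedData` is cleared; a reader cannot tell whether `contentType` was borrowed from somewhere or whether the free callbacks added in cms_asn1.c would otherwise act on it. A comment such as `/* contentType is not owned by this temporary wrapper; clear it so CMS_ContentInfo_free does not release it */`, adjusted to the actual reason, should sit next to the assignment. The construction of `ci` and the place where `contentType` is assigned are outside this hunk.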
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -20,77 +20,79 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT), - "certificate already present"}, + "certificate already present"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID), - "certificate has no keyid"}, + "certificate has no keyid"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, + "certificate verify error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_AEAD_SET_TAG_ERROR), - "cipher aead set tag error"}, + "cipher aead set tag error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_GET_TAG), "cipher get tag"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR), - "cipher initialisation error"}, + "cipher initialisation error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), - "cipher parameter initialisation error"}, + "cipher parameter initialisation error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR), - "cms datafinal error"}, + "cms datafinal error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH), - "contentidentifier mismatch"}, + "contentidentifier mismatch"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH), - "content type mismatch"}, + "content type mismatch"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), - "content type not compressed data"}, + "content type not compressed data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), - "content type not enveloped data"}, + "content type not enveloped data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), - "content type not signed data"}, + "content type not signed data"}, {ERR_PACK(ERR_LIB_CMS, 0, 
CMS_R_CONTENT_VERIFY_ERROR), - "content verify error"}, + "content verify error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECODE_ERROR), "decode error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY), - "error getting public key"}, + "error getting public key"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), - "error reading messagedigest attribute"}, + "error reading messagedigest attribute"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO), - "error setting recipientinfo"}, + "error setting recipientinfo"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT), + "error unsupported static key agreement"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR), - "ess signing certid mismatch error"}, + "ess signing certid mismatch error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), - "invalid encrypted key length"}, + "invalid encrypted key length"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), - "invalid key encryption parameter"}, + "invalid key encryption parameter"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_LABEL), "invalid label"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_OAEP_PARAMETERS), - "invalid oaep parameters"}, + "invalid oaep parameters"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_KDF_PARAMETER_ERROR), - "kdf parameter error"}, + "kdf parameter error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), - "messagedigest attribute wrong length"}, + "messagedigest attribute wrong length"}, {ERR_PACK(ERR_LIB_CMS, 0, 
CMS_R_MESSAGEDIGEST_WRONG_LENGTH), - "messagedigest wrong length"}, + "messagedigest wrong length"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), - "msgsigdigest verification failure"}, + "msgsigdigest verification failure"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH), - "msgsigdigest wrong length"}, + "msgsigdigest wrong length"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT), - "not a signed receipt"}, + "not a signed receipt"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "not supported for this key type"}, + "not supported for this key type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"}, @@ -100,9 +102,9 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT), - "no matching recipient"}, + "no matching recipient"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE), - "no matching signature"}, + "no matching signature"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"}, 
@@ -110,59 +112,59 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_OPERATION_UNSUPPORTED), - "operation unsupported"}, + "operation unsupported"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PEER_KEY_ERROR), "peer key error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, + "private key does not match certificate"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR), - "receipt decode error"}, + "receipt decode error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SHARED_INFO_ERROR), "shared info error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, + "signer certificate not found"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA), - "type not compressed data"}, + "type not compressed data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA), - "type not digested data"}, + "type not digested data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA), - "type not encrypted data"}, + "type not encrypted data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA), - "type not enveloped data"}, + "type not enveloped data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT), - "unable to finalize context"}, + "unable to finalize context"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM), - "unknown digest algorithm"}, + "unknown digest 
algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), - "unsupported compression algorithm"}, + "unsupported compression algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM), - "unsupported content encryption algorithm"}, + "unsupported content encryption algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, + "unsupported content type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE), - "unsupported encryption type"}, + "unsupported encryption type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM), - "unsupported kek algorithm"}, + "unsupported kek algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), - "unsupported key encryption algorithm"}, + "unsupported key encryption algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_LABEL_SOURCE), - "unsupported label source"}, + "unsupported label source"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE), - "unsupported recipientinfo type"}, + "unsupported recipientinfo type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE), - "unsupported recipient type"}, + "unsupported recipient type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM), - "unsupported signature algorithm"}, + "unsupported signature algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE), - "verification failure"}, + "verification failure"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"}, {0, NULL} }; diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index a2f422a78d..8e9e6a5d14 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -502,6 +502,13 @@ int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey); if (!oik->d.originatorKey) return 0; + } else { + /* + * Currently it is not possible to get public key as it is not stored + * during kari initialization. + */ + ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT); + return 0; } /* Initialise KDF algorithm */ if (!ossl_cms_env_asn1_ctrl(ri, 0)) diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index afc210c9d0..4ef614162a 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,7 @@ static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms); +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_ContentInfo) IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, 
@@ -66,20 +67,6 @@ CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq) return ci; } -CMS_ContentInfo *CMS_ContentInfo_new(void) -{ - return CMS_ContentInfo_new_ex(NULL, NULL); -} - -void CMS_ContentInfo_free(CMS_ContentInfo *cms) -{ - if (cms != NULL) { - ossl_cms_env_enc_content_free(cms); - OPENSSL_free(cms->ctx.propq); - ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo)); - } -} - const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms) { return cms != NULL ? &cms->ctx : NULL; diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h index 7069021267..fd5c7c9a6f 100644 --- a/crypto/cms/cms_local.h +++ b/crypto/cms/cms_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -366,6 +366,7 @@ struct CMS_Receipt_st { DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_ITEM(CMS_SignerInfo) +DECLARE_ASN1_ITEM(CMS_EncryptedContentInfo) DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) DECLARE_ASN1_ITEM(CMS_Attributes_Sign) DECLARE_ASN1_ITEM(CMS_Attributes_Verify) @@ -447,7 +448,6 @@ BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain); BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms); int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio); -void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf); CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms); CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms); CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms); diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index a028c5842c..e32f5e6117 100644 --- a/crypto/cms/cms_pwri.c 
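Review bot: `CMS_ContentInfo_new` is now the generic allocator from `IMPLEMENT_ASN1_ALLOC_FUNCTIONS` instead of a call to `CMS_ContentInfo_new_ex(NULL, NULL)`, so whatever `CMS_ContentInfo_new_ex` does beyond `ASN1_item_new` (only its final `return ci;` is visible here) is no longer done for the plain constructor. If `new_ex` merely stores a NULL libctx and propq the two are equivalent, but that should be confirmed and recorded next to the macro: `/* CMS_ContentInfo_new() is equivalent to CMS_ContentInfo_new_ex(NULL, NULL): the ctx fields are zero-initialised by ASN1_item_new */`. The removed `CMS_ContentInfo_free` body shows the two cleanups that moved into `ASN1_OP_FREE_POST` handlers in cms_asn1.c, so nothing is lost provided those handlers run on every free path.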
+++ b/crypto/cms/cms_pwri.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -168,7 +168,8 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Setup PBE algorithm */ - pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1); + pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set_ex(iter, NULL, 0, -1, -1, + cms_ctx->libctx); if (pwri->keyDerivationAlgorithm == NULL) goto err; @@ -368,9 +369,10 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, /* Finish password based key derivation to setup key in "ctx" */ - if (EVP_PBE_CipherInit(algtmp->algorithm, - (char *)pwri->pass, pwri->passlen, - algtmp->parameter, kekctx, en_de) < 0) { + if (EVP_PBE_CipherInit_ex(algtmp->algorithm, + (char *)pwri->pass, pwri->passlen, + algtmp->parameter, kekctx, en_de, + cms_ctx->libctx, cms_ctx->propq) < 0) { ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); goto err; } diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index 31436d4d68..f132df5c8a 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -222,7 +222,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si) os = ossl_rsa_ctx_to_pss_string(pkctx); if (os == NULL) return 0; - return X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); + if (X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os)) + return 1; + ASN1_STRING_free(os); + return 0; } params[0] = OSSL_PARAM_construct_octet_string( diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index b41e3571b2..8ad94a9ed0 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -512,8 +512,12 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, ossl_cms_ctx_get0_libctx(ctx), ossl_cms_ctx_get0_propq(ctx), pk, NULL) <= 0) { + si->pctx = NULL; goto err; } + else { + EVP_MD_CTX_set_flags(si->mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + } } if (sd->signerInfos == NULL) @@ -758,6 +762,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, unsigned char computed_md[EVP_MAX_MD_SIZE]; pctx = si->pctx; + si->pctx = NULL; if (md == NULL) { if (!EVP_DigestFinal_ex(mctx, computed_md, &mdlen)) goto err; @@ -851,6 +856,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) ossl_cms_ctx_get0_propq(ctx), si->pkey, NULL) <= 0) goto err; + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); si->pctx = pctx; } @@ -922,9 +928,16 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) goto err; } mctx = si->mctx; + if (si->pctx != NULL) { + EVP_PKEY_CTX_free(si->pctx); + si->pctx = NULL; + } if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx, - propq, si->pkey, NULL) <= 0) + propq, si->pkey, NULL) <= 0) { + si->pctx = NULL; goto err; + } + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); if (!cms_sd_asn1_ctrl(si, 1)) goto err; @@ -1040,8 +1053,11 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) goto err; si->pctx = pkctx; - if (!cms_sd_asn1_ctrl(si, 1)) + if (!cms_sd_asn1_ctrl(si, 1)) { + si->pctx = NULL; goto err; + } + si->pctx = NULL; r = EVP_PKEY_verify(pkctx, si->signature->data, si->signature->length, mval, mlen); if (r <= 0) { diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 99a72f4dff..3a8b13d6ec 100644 
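Review bot: In the `CMS_add1_signer` hunk the new `else` is placed on its own line after the closing brace (`}` then `else {`), which departs from the `} else {` form used throughout these files, and the branch is redundant anyway because the `if` block ends in `goto err`. Dropping the `else` and writing `EVP_MD_CTX_set_flags(si->mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);` directly after the `if` block gives the same behaviour with less nesting. The same flag is set again in `CMS_SignerInfo_sign` and `CMS_SignerInfo_verify` below; a short comment at the first site explaining that the flag makes `si->pctx` owned by the SignerInfo (and freed in `cms_si_cb`) would make the ownership change visible, since otherwise the resets of `si->pctx = NULL` on the error paths read as arbitrary.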
--- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -236,7 +236,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, if (cms == NULL) return NULL; if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) - return NULL; + goto err; if (!(flags & CMS_DETACHED)) CMS_set_detached(cms, 0); @@ -245,6 +245,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, || CMS_final(cms, in, NULL, flags)) return cms; + err: CMS_ContentInfo_free(cms); return NULL; } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index e047746f67..399aefb199 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -330,7 +330,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) v = NULL; /* check for line continuation */ - if (bufnum >= 1) { + if (!again && bufnum >= 1) { /* * If we have bytes and the last char '\\' and second last char * is not '\\' diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 99e9f8c987..2a1c992eb2 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -476,6 +476,9 @@ int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings) { + if (settings == NULL) + return; + free(settings->filename); free(settings->appname); free(settings); diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 0b703826a7..6d3683d76f 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -99,7 +99,7 @@ static void module_lists_free(void) DEFINE_RUN_ONCE_STATIC(do_init_module_list_lock) { - module_list_lock = ossl_rcu_lock_new(1); + module_list_lock = ossl_rcu_lock_new(1, NULL); if (module_list_lock == NULL) { ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB); return 0; @@ -368,6 +368,7 @@ static CONF_MODULE *module_add(DSO *dso, const char *name, err: ossl_rcu_write_unlock(module_list_lock); + sk_CONF_MODULE_free(new_modules); if (tmod != NULL) { OPENSSL_free(tmod->name); OPENSSL_free(tmod); @@ -466,6 +467,7 @@ static int module_init(CONF_MODULE *pmod, const char *name, const char *value, if (!sk_CONF_IMODULE_push(new_modules, imod)) { ossl_rcu_write_unlock(module_list_lock); + sk_CONF_IMODULE_free(new_modules); ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB); goto err; } 
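Review bot: In module_init (@@ -466) the failed-push path now frees `new_modules` and then jumps to `err`; the hunk does not show whether `err` or the code between also releases `new_modules`, so confirm the label does not free it a second time. The same question applies to the `err:` block of module_add (@@ -368), which now frees `new_modules` unconditionally, including on failures that happen before it is allocated, which is safe only if the sk free accepts NULL and the stack has not yet been handed to the RCU pointer on that path. A short comment at each new free, e.g. `/* new_modules is still private to this function; drop our only reference */`, would pin the ownership both hunks rely on. Both functions start and end outside the hunks.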
@@ -516,13 +518,14 @@ void CONF_modules_unload(int all) old_modules = ossl_rcu_deref(&supported_modules); new_modules = sk_CONF_MODULE_dup(old_modules); - to_delete = sk_CONF_MODULE_new_null(); if (new_modules == NULL) { ossl_rcu_write_unlock(module_list_lock); return; } + to_delete = sk_CONF_MODULE_new_null(); + /* unload modules in reverse order */ for (i = sk_CONF_MODULE_num(new_modules) - 1; i >= 0; i--) { md = sk_CONF_MODULE_value(new_modules, i); diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 3019bcf31a..106434dcbf 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,6 +38,8 @@ void OPENSSL_config(const char *appname) settings.appname = strdup(appname); settings.flags = DEFAULT_CONF_MFLAGS; OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings); + + free(settings.appname); } #endif diff --git a/crypto/context.c b/crypto/context.c index 33d52a964b..d7cfeae865 100644 --- a/crypto/context.c +++ b/crypto/context.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,6 +29,7 @@ struct ossl_lib_ctx_st { void *global_properties; void *drbg; void *drbg_nonce; + CRYPTO_THREAD_LOCAL rcu_local_key; #ifndef FIPS_MODULE void *provider_conf; void *bio_core; 
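Review bot: Moving `to_delete = sk_CONF_MODULE_new_null();` behind the `new_modules == NULL` check in CONF_modules_unload (@@ -516) fixes the leak of `to_delete` on that path, but the result of the allocation is still not checked anywhere in the hunk; if the later pushes onto `to_delete` are unchecked as well, an allocation failure silently leaves modules loaded and leaks `new_modules`. A NULL check directly after the allocation that mirrors the one above it (unlock the RCU write lock, free `new_modules`, return) closes that path. The rest of the function, including the pushes, is outside the hunk.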
@@ -53,17 +54,23 @@ struct ossl_lib_ctx_st { int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx) { - return CRYPTO_THREAD_write_lock(ossl_lib_ctx_get_concrete(ctx)->lock); + if ((ctx = ossl_lib_ctx_get_concrete(ctx)) == NULL) + return 0; + return CRYPTO_THREAD_write_lock(ctx->lock); } int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx) { - return CRYPTO_THREAD_read_lock(ossl_lib_ctx_get_concrete(ctx)->lock); + if ((ctx = ossl_lib_ctx_get_concrete(ctx)) == NULL) + return 0; + return CRYPTO_THREAD_read_lock(ctx->lock); } int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx) { - return CRYPTO_THREAD_unlock(ossl_lib_ctx_get_concrete(ctx)->lock); + if ((ctx = ossl_lib_ctx_get_concrete(ctx)) == NULL) + return 0; + return CRYPTO_THREAD_unlock(ctx->lock); } int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx) @@ -81,9 +88,12 @@ static int context_init(OSSL_LIB_CTX *ctx) { int exdata_done = 0; + if (!CRYPTO_THREAD_init_local(&ctx->rcu_local_key, NULL)) + return 0; + ctx->lock = CRYPTO_THREAD_lock_new(); if (ctx->lock == NULL) - return 0; + goto err; ctx->rand_crngt_lock = CRYPTO_THREAD_lock_new(); if (ctx->rand_crngt_lock == NULL) @@ -209,6 +219,7 @@ static int context_init(OSSL_LIB_CTX *ctx) CRYPTO_THREAD_lock_free(ctx->rand_crngt_lock); CRYPTO_THREAD_lock_free(ctx->lock); + CRYPTO_THREAD_cleanup_local(&ctx->rcu_local_key); memset(ctx, '\0', sizeof(*ctx)); return 0; } @@ -355,6 +366,7 @@ static int context_deinit(OSSL_LIB_CTX *ctx) CRYPTO_THREAD_lock_free(ctx->lock); ctx->rand_crngt_lock = NULL; ctx->lock = NULL; + CRYPTO_THREAD_cleanup_local(&ctx->rcu_local_key); return 1; } @@ -404,7 +416,7 @@ static OSSL_LIB_CTX *get_default_context(void) { OSSL_LIB_CTX *current_defctx = get_thread_default_context(); - if (current_defctx == NULL) + if (current_defctx == NULL && default_context_inited) current_defctx = &default_context_int; return current_defctx; } 
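Review bot: get_default_context (@@ -404) can now return NULL once `default_context_inited` is false, whereas before it always fell back to `&default_context_int`; every caller must tolerate that, and they are all outside the hunk, so the new failure mode should be stated at the function, e.g. `/* Returns NULL when the default context is not (or no longer) initialised */`. The three lock wrappers (@@ -53) likewise now return 0 for a missing concrete context exactly as they do for a failed lock operation, which callers cannot distinguish; a one-line comment on each saying so, or on the first with the others referring to it, documents the choice. context_init and context_deinit start and end outside their hunks.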
@@ -471,7 +483,7 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file) void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx) { - if (ossl_lib_ctx_is_default(ctx)) + if (ctx == NULL || ossl_lib_ctx_is_default(ctx)) return; #ifndef FIPS_MODULE @@ -652,3 +664,11 @@ const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx) return "Non-default library context"; #endif } + +CRYPTO_THREAD_LOCAL *ossl_lib_ctx_get_rcukey(OSSL_LIB_CTX *libctx) +{ + libctx = ossl_lib_ctx_get_concrete(libctx); + if (libctx == NULL) + return NULL; + return &libctx->rcu_local_key; +} diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index d311158d77..70715e7d6a 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -120,7 +120,7 @@ static void ossl_method_construct_this(OSSL_PROVIDER *provider, * It is *expected* that the put function increments the refcnt * of the passed method. */ - data->mcm->put(data->store, method, provider, algo->algorithm_names, + data->mcm->put(no_store ? data->store : NULL, method, provider, algo->algorithm_names, algo->property_definition, data->mcm_data); /* refcnt-- because we're dropping the reference */ diff --git a/crypto/deterministic_nonce.c b/crypto/deterministic_nonce.c index 60af7f6ab6..3da9ba420f 100644 --- a/crypto/deterministic_nonce.c +++ b/crypto/deterministic_nonce.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,11 +7,13 @@ * https://www.openssl.org/source/license.html */ +#include #include #include #include #include #include "internal/deterministic_nonce.h" +#include "crypto/bn.h" /* * Convert a Bit String to an Integer (See RFC 6979 Section 2.3.2) 
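Review bot: The store argument in ossl_method_construct_this (@@ -120) now switches between `data->store` and NULL on `no_store`, and the ternary reads backwards to anyone who does not know what a NULL store means to the put callback; nothing in the hunk says so. A comment above the call, e.g. `/* A NULL store selects the library context's own method store; when the provider asked for no_store, hand over the temporary store kept in data->store instead -- confirm against the put callbacks */`, would keep the condition from being "corrected" later. The enclosing function starts and ends outside the hunk.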
@@ -38,6 +40,36 @@ static int bits2int(BIGNUM *out, int qlen_bits, return 1; } +/* + * Convert as above a Bit String in const time to an Integer w fixed top + * + * Params: + * out The returned Integer as a BIGNUM + * qlen_bits The maximum size of the returned integer in bits. The returned + * Integer is shifted right if inlen is larger than qlen_bits.. + * in, inlen The input Bit String (in bytes). It has sizeof(BN_ULONG) bytes + * prefix with all bits set that needs to be cleared out after + * the conversion. + * Returns: 1 if successful, or 0 otherwise. + */ +static int bits2int_consttime(BIGNUM *out, int qlen_bits, + const unsigned char *in, size_t inlen) +{ + int blen_bits = (inlen - sizeof(BN_ULONG)) * 8; + int shift; + + if (BN_bin2bn(in, (int)inlen, out) == NULL) + return 0; + + BN_set_flags(out, BN_FLG_CONSTTIME); + ossl_bn_mask_bits_fixed_top(out, blen_bits); + + shift = blen_bits - qlen_bits; + if (shift > 0) + return bn_rshift_fixed_top(out, out, shift); + return 1; +} + /* * Convert an Integer to an Octet String (See RFC 6979 2.3.3). * The value is zero padded if required. @@ -155,8 +187,9 @@ int ossl_gen_deterministic_nonce_rfc6979(BIGNUM *out, const BIGNUM *q, { EVP_KDF_CTX *kdfctx = NULL; int ret = 0, rlen = 0, qlen_bits = 0; - unsigned char *entropyx = NULL, *nonceh = NULL, *T = NULL; + unsigned char *entropyx = NULL, *nonceh = NULL, *rbits = NULL, *T = NULL; size_t allocsz = 0; + const size_t prefsz = sizeof(BN_ULONG); if (out == NULL) return 0; 
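Review bot: bits2int_consttime (@@ -38) ignores the result of `ossl_bn_mask_bits_fixed_top(out, blen_bits)`, so if the masking fails the all-ones prefix word the caller places in front of the input stays in `out` and the function still returns 1; it should read `if (!ossl_bn_mask_bits_fixed_top(out, blen_bits)) return 0;`. The function also assumes `inlen >= sizeof(BN_ULONG)`: `blen_bits = (inlen - sizeof(BN_ULONG)) * 8` wraps for a shorter input, and a guard `if (inlen < sizeof(BN_ULONG)) return 0;` before the conversion turns the documented prefix requirement into a checked one. The one visible caller always passes `rlen + prefsz`, so today this is defensive rather than a live defect. The header comment's `qlen_bits..` also carries a stray period.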
@@ -167,15 +200,18 @@ int ossl_gen_deterministic_nonce_rfc6979(BIGNUM *out, const BIGNUM *q, /* Note rlen used here is in bytes since the input values are byte arrays */ rlen = (qlen_bits + 7) / 8; - allocsz = 3 * rlen; + allocsz = prefsz + 3 * rlen; /* Use a single alloc for the buffers T, nonceh and entropyx */ T = (unsigned char *)OPENSSL_zalloc(allocsz); if (T == NULL) return 0; - nonceh = T + rlen; + rbits = T + prefsz; + nonceh = rbits + rlen; entropyx = nonceh + rlen; + memset(T, 0xff, prefsz); + if (!int2octets(entropyx, priv, rlen) || !bits2octets(nonceh, q, qlen_bits, rlen, hm, hmlen)) goto end; @@ -185,10 +221,16 @@ int ossl_gen_deterministic_nonce_rfc6979(BIGNUM *out, const BIGNUM *q, goto end; do { - if (!EVP_KDF_derive(kdfctx, T, rlen, NULL) - || !bits2int(out, qlen_bits, T, rlen)) + if (!EVP_KDF_derive(kdfctx, rbits, rlen, NULL) + || !bits2int_consttime(out, qlen_bits, T, rlen + prefsz)) goto end; - } while (BN_is_zero(out) || BN_is_one(out) || BN_cmp(out, q) >= 0); + } while (ossl_bn_is_word_fixed_top(out, 0) + || ossl_bn_is_word_fixed_top(out, 1) + || BN_ucmp(out, q) >= 0); +#ifdef BN_DEBUG + /* With BN_DEBUG on a fixed top number cannot be returned */ + bn_correct_top(out); +#endif ret = 1; end: diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index cc997bd8bd..ae23f61839 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 9d5a6b0b6c..93e08b3f8c 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c 
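Review bot: In ossl_gen_deterministic_nonce_rfc6979 the `memset(T, 0xff, prefsz)` (@@ -167) that prefixes the KDF output with an all-ones word is what the constant-time conversion depends on, yet it carries no comment; suggested: `/* All-ones prefix word: keeps the word count of out independent of the derived value; bits2int_consttime() masks it off again */`. The rewritten loop (@@ -185) also means that outside BN_DEBUG builds the caller now receives a fixed-top `out` whose top word count is not normalised, which belongs in the function's contract (its header comment is outside the hunk) since callers that compare or print `out` directly need to know. Whether `BN_ucmp(out, q) >= 0` is exact for a fixed-top `out` appears to depend on out's word count matching q's after the shift, which holds only because rlen is derived from qlen_bits a few lines above; that coupling deserves a one-line comment at the comparison.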
@@ -141,7 +141,7 @@ void DH_free(DH *r) return; CRYPTO_DOWN_REF(&r->references, &i); - REF_PRINT_COUNT("DH", r); + REF_PRINT_COUNT("DH", i, r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -171,7 +171,7 @@ int DH_up_ref(DH *r) if (CRYPTO_UP_REF(&r->references, &i) <= 0) return 0; - REF_PRINT_COUNT("DH", r); + REF_PRINT_COUNT("DH", i, r); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c index 1d42bf77ca..e1375dfad9 100644 --- a/crypto/dsa/dsa_check.c +++ b/crypto/dsa/dsa_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,8 +19,34 @@ #include "dsa_local.h" #include "crypto/dsa.h" +static int dsa_precheck_params(const DSA *dsa, int *ret) +{ + if (dsa->params.p == NULL || dsa->params.q == NULL) { + ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); + *ret = FFC_CHECK_INVALID_PQ; + return 0; + } + + if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE); + *ret = FFC_CHECK_INVALID_PQ; + return 0; + } + + if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) { + ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE); + *ret = FFC_CHECK_INVALID_PQ; + return 0; + } + + return 1; +} + int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) { + if (!dsa_precheck_params(dsa, ret)) + return 0; + if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK) return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, FFC_PARAM_TYPE_DSA, ret); 
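Review bot: dsa_precheck_params (@@ -19 in dsa_check.c) is new and undocumented, and all three rejections write the same `FFC_CHECK_INVALID_PQ` into `*ret` although they raise three different errors (DSA_R_BAD_FFC_PARAMETERS, DSA_R_MODULUS_TOO_LARGE, DSA_R_BAD_Q_VALUE), so a caller that only inspects `*ret` cannot tell an oversized modulus from a missing q. A header comment along the lines of `/* Cheap sanity checks run before any FFC validation: p and q present, p at most OPENSSL_DSA_MAX_MODULUS_BITS bits, q strictly shorter than p. On failure raises an error, sets *ret to FFC_CHECK_INVALID_PQ and returns 0. */` captures the contract; if the FFC_CHECK codes include a distinct value for the size cases, consider using it. ossl_dsa_check_params continues outside the hunk.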
@@ -39,6 +65,9 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) */ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) { + if (!dsa_precheck_params(dsa, ret)) + return 0; + return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret) && *ret == 0; } @@ -50,6 +79,9 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) */ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret) { + if (!dsa_precheck_params(dsa, ret)) + return 0; + return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret) && *ret == 0; } @@ -58,8 +90,10 @@ int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret) { *ret = 0; - return (dsa->params.q != NULL - && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret)); + if (!dsa_precheck_params(dsa, ret)) + return 0; + + return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret); } /* @@ -72,8 +106,10 @@ int ossl_dsa_check_pairwise(const DSA *dsa) BN_CTX *ctx = NULL; BIGNUM *pub_key = NULL; - if (dsa->params.p == NULL - || dsa->params.g == NULL + if (!dsa_precheck_params(dsa, &ret)) + return 0; + + if (dsa->params.g == NULL || dsa->priv_key == NULL || dsa->pub_key == NULL) return 0; diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 7997c2ac25..db6e3b059b 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -218,7 +218,7 @@ void DSA_free(DSA *r) return; CRYPTO_DOWN_REF(&r->references, &i); - REF_PRINT_COUNT("DSA", r); + REF_PRINT_COUNT("DSA", i, r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -249,7 +249,7 @@ int DSA_up_ref(DSA *r) if (CRYPTO_UP_REF(&r->references, &i) <= 0) return 0; - REF_PRINT_COUNT("DSA", r); + REF_PRINT_COUNT("DSA", i, r); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 234362b6d7..59b26d7369 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c 
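Review bot: In ossl_dsa_check_pairwise (@@ -72) the p/q checks now go through dsa_precheck_params and raise an error, but the retained `dsa->params.g == NULL || dsa->priv_key == NULL || dsa->pub_key == NULL` test still returns 0 silently, so a missing g fails with an empty error stack while a missing q does not. Raising in that branch as well, e.g. `ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);` (the code the precheck uses for a missing p or q) before the `return 0;`, keeps failure reporting uniform across the file. The value the precheck writes into the local `ret` is discarded here because the function returns immediately, which is harmless but worth a word in a comment. The function body continues outside the hunk.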
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -282,13 +282,14 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, * We calculate k from SHA512(private_key + H(message) + random). * This protects the private key from a weak PRNG. */ - if (!BN_generate_dsa_nonce(k, dsa->params.q, dsa->priv_key, dgst, - dlen, ctx)) + if (!ossl_bn_gen_dsa_nonce_fixed_top(k, dsa->params.q, + dsa->priv_key, dgst, + dlen, ctx)) goto err; } - } else if (!BN_priv_rand_range_ex(k, dsa->params.q, 0, ctx)) + } else if (!ossl_bn_priv_rand_range_fixed_top(k, dsa->params.q, 0, ctx)) goto err; - } while (BN_is_zero(k)); + } while (ossl_bn_is_word_fixed_top(k, 0)); BN_set_flags(k, BN_FLG_CONSTTIME); BN_set_flags(l, BN_FLG_CONSTTIME); diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index b806e7e655..aab7953c0d 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -157,6 +157,11 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, { DSA_SIG *s; + if (sig == NULL) { + *siglen = DSA_size(dsa); + return 1; + } + /* legacy case uses the method table */ if (dsa->libctx == NULL || dsa->meth != DSA_get_default_method()) s = DSA_do_sign(dgst, dlen, dsa); @@ -167,7 +172,7 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, *siglen = 0; return 0; } - *siglen = i2d_DSA_SIG(s, sig != NULL ? &sig : NULL); + *siglen = i2d_DSA_SIG(s, &sig); DSA_SIG_free(s); return 1; } 
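Review bot: The switch to the `*_fixed_top` nonce generators and to `ossl_bn_is_word_fixed_top(k, 0)` in dsa_sign_setup (@@ -282) is unexplained in the code; the only nearby comment still talks about protecting the private key from a weak PRNG. A comment at the loop, e.g. `/* Fixed-top variants: the word count of k must not depend on its value, so k is left unnormalised and tested with ossl_bn_is_word_fixed_top() rather than BN_is_zero() */`, records the rationale, with wording to be confirmed against the commit message, which is not on this page. dsa_sign_setup starts and ends outside the hunk.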
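Review bot: The new early return in ossl_dsa_sign_int (@@ -157) stores `DSA_size(dsa)` into `*siglen` and reports success without looking at the value; if DSA_size can signal failure with a non-positive result, that is passed through as a successful size query, unlike the error path below which sets `*siglen = 0` and returns 0. Guard it: `int sz = DSA_size(dsa);` / `if (sz <= 0) { *siglen = 0; return 0; }` / `*siglen = sz;`. The simplification to `i2d_DSA_SIG(s, &sig)` (@@ -167) is sound because `sig` is the function's own copy of the pointer. The function starts outside the hunk.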
diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index a2ec5c77f3..7bfb02093b 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -229,13 +229,12 @@ static char *dl_name_converter(DSO *dso, const char *filename) ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED); return NULL; } - if (transform) { - if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - sprintf(translated, "lib%s%s", filename, DSO_EXTENSION); - else - sprintf(translated, "%s%s", filename, DSO_EXTENSION); - } else - sprintf(translated, "%s", filename); + if (transform) + BIO_snprintf(translated, rsize, + (DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0 + ? "lib%s%s" : "%s%s", filename, DSO_EXTENSION); + else + BIO_snprintf(translated, rsize, "%s", filename); return translated; } diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index e128b4cc03..b5a7b7be2c 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
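Review bot: dl_name_converter (@@ -229) now passes `rsize` to BIO_snprintf but discards its result, so an undersized `rsize` (computed outside the hunk) would yield a silently truncated library name instead of an error; the same applies to dlfcn_name_converter in dso_dlfcn.c and win32_name_converter in dso_win32.c further down this page. Checking the return value (BIO_snprintf returns -1 when the output does not fit), freeing `translated` and failing with DSO_R_NAME_TRANSLATION_FAILED, as the allocation failure just above already does, closes the gap in all three. As a matter of style, the format string chosen by a ternary inside the call here is harder to read than the if/else that dlfcn_name_converter keeps; the two converters should use the same shape.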
@@ -265,11 +265,12 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) } if (transform) { if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - sprintf(translated, "lib%s" DSO_EXTENSION, filename); + BIO_snprintf(translated, rsize, "lib%s" DSO_EXTENSION, filename); else - sprintf(translated, "%s" DSO_EXTENSION, filename); - } else - sprintf(translated, "%s", filename); + BIO_snprintf(translated, rsize, "%s" DSO_EXTENSION, filename); + } else { + BIO_snprintf(translated, rsize, "%s", filename); + } return translated; } diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index 8f3387e9b8..65579cb8b3 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -54,7 +54,7 @@ int DSO_free(DSO *dso) if (CRYPTO_DOWN_REF(&dso->references, &i) <= 0) return 0; - REF_PRINT_COUNT("DSO", dso); + REF_PRINT_COUNT("DSO", i, dso); if (i > 0) return 1; REF_ASSERT_ISNT(i < 0); @@ -96,7 +96,7 @@ int DSO_up_ref(DSO *dso) if (CRYPTO_UP_REF(&dso->references, &i) <= 0) return 0; - REF_PRINT_COUNT("DSO", dso); + REF_PRINT_COUNT("DSO", i, dso); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 43210e3d98..085ddef969 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c 
@@ -444,24 +444,20 @@ static char *win32_name_converter(DSO *dso, const char *filename) char *translated; int len, transform; - len = strlen(filename); transform = ((strstr(filename, "/") == NULL) && (strstr(filename, "\\") == NULL) && (strstr(filename, ":") == NULL)); + /* If transform != 0, then we convert to %s.dll, else just dupe filename */ + + len = strlen(filename) + 1; if (transform) - /* We will convert this to "%s.dll" */ - translated = OPENSSL_malloc(len + 5); - else - /* We will simply duplicate filename */ - translated = OPENSSL_malloc(len + 1); + len += strlen(".dll"); + translated = OPENSSL_malloc(len); if (translated == NULL) { ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED); return NULL; } - if (transform) - sprintf(translated, "%s.dll", filename); - else - sprintf(translated, "%s", filename); + BIO_snprintf(translated, len, "%s%s", filename, transform ? ".dll" : ""); return translated; } diff --git a/crypto/ec/asm/ecp_nistp384-ppc64.pl b/crypto/ec/asm/ecp_nistp384-ppc64.pl index 28f4168e52..b663bddfc6 100755 --- a/crypto/ec/asm/ecp_nistp384-ppc64.pl +++ b/crypto/ec/asm/ecp_nistp384-ppc64.pl @@ -7,13 +7,15 @@ # https://www.openssl.org/source/license.html # # ==================================================================== -# Written by Rohan McLure for the OpenSSL -# project. +# Written by Danny Tsen # for the OpenSSL project. +# +# Copyright 2025- IBM Corp. # ==================================================================== # -# p384 lower-level primitives for PPC64 using vector instructions. +# p384 lower-level primitives for PPC64. # + use strict; use warnings; @@ -21,7 +23,7 @@ my $flavour = shift; my $output = ""; while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} if (!$output) { - $output = "-"; + $output = "-"; } my ($xlate, $dir); 
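Review bot: In win32_name_converter (@@ -444) the new comment `/* If transform != 0, then we convert to %s.dll, else just dupe filename */` is followed by a blank line and then the length computation, so it reads as orphaned; attach it directly to `len = strlen(filename) + 1;` by dropping the blank line, or move it to the BIO_snprintf call it actually describes. `len` stays an `int` receiving `strlen()` results and is then passed as BIO_snprintf's `size_t` size; since the rewrite touches every use of it, declaring it `size_t` would remove that pre-existing narrowing at no cost.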
@@ -35,272 +37,1496 @@ open OUT,"| \"$^X\" $xlate $flavour $output"; my $code = ""; -my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12"); - -my $vzero = "v32"; - -sub startproc($) -{ - my ($name) = @_; - - $code.=<<___; - .globl ${name} - .align 5 -${name}: - -___ -} - -sub endproc($) -{ - my ($name) = @_; - - $code.=<<___; - blr - .size ${name},.-${name} - -___ -} - -sub load_vrs($$) -{ - my ($pointer, $reg_list) = @_; - - for (my $i = 0; $i <= 6; $i++) { - my $offset = $i * 8; - $code.=<<___; - lxsd $reg_list->[$i],$offset($pointer) -___ - } - - $code.=<<___; - -___ -} - -sub store_vrs($$) -{ - my ($pointer, $reg_list) = @_; - - for (my $i = 0; $i <= 12; $i++) { - my $offset = $i * 16; - $code.=<<___; - stxv $reg_list->[$i],$offset($pointer) -___ - } - - $code.=<<___; - -___ -} - $code.=<<___; -.machine "any" +.machine "any" .text +.globl p384_felem_mul +.type p384_felem_mul,\@function +.align 4 +p384_felem_mul: + + stdu 1, -176(1) + mflr 0 + std 14, 56(1) + std 15, 64(1) + std 16, 72(1) + std 17, 80(1) + std 18, 88(1) + std 19, 96(1) + std 20, 104(1) + std 21, 112(1) + std 22, 120(1) + + bl _p384_felem_mul_core + + mtlr 0 + ld 14, 56(1) + ld 15, 64(1) + ld 16, 72(1) + ld 17, 80(1) + ld 18, 88(1) + ld 19, 96(1) + ld 20, 104(1) + ld 21, 112(1) + ld 22, 120(1) + addi 1, 1, 176 + blr +.size p384_felem_mul,.-p384_felem_mul + +.globl p384_felem_square +.type p384_felem_square,\@function +.align 4 +p384_felem_square: + + stdu 1, -176(1) + mflr 0 + std 14, 56(1) + std 15, 64(1) + std 16, 72(1) + std 17, 80(1) + + bl _p384_felem_square_core + + mtlr 0 + ld 14, 56(1) + ld 15, 64(1) + ld 16, 72(1) + ld 17, 80(1) + addi 1, 1, 176 + blr +.size p384_felem_square,.-p384_felem_square + +# +# Felem mul core function - +# r3, r4 and r5 need to pre-loaded. 
+# +.type _p384_felem_mul_core,\@function +.align 4 +_p384_felem_mul_core: + + ld 6,0(4) + ld 14,0(5) + ld 7,8(4) + ld 15,8(5) + ld 8,16(4) + ld 16,16(5) + ld 9,24(4) + ld 17,24(5) + ld 10,32(4) + ld 18,32(5) + ld 11,40(4) + ld 19,40(5) + ld 12,48(4) + ld 20,48(5) + + # out0 + mulld 21, 14, 6 + mulhdu 22, 14, 6 + std 21, 0(3) + std 22, 8(3) + + vxor 0, 0, 0 + + # out1 + mtvsrdd 32+13, 14, 6 + mtvsrdd 32+14, 7, 15 + vmsumudm 1, 13, 14, 0 + + # out2 + mtvsrdd 32+15, 15, 6 + mtvsrdd 32+16, 7, 16 + mtvsrdd 32+17, 0, 8 + mtvsrdd 32+18, 0, 14 + vmsumudm 19, 15, 16, 0 + vmsumudm 2, 17, 18, 19 + + # out3 + mtvsrdd 32+13, 16, 6 + mtvsrdd 32+14, 7, 17 + mtvsrdd 32+15, 14, 8 + mtvsrdd 32+16, 9, 15 + vmsumudm 19, 13, 14, 0 + vmsumudm 3, 15, 16, 19 + + # out4 + mtvsrdd 32+13, 17, 6 + mtvsrdd 32+14, 7, 18 + mtvsrdd 32+15, 15, 8 + mtvsrdd 32+16, 9, 16 + mtvsrdd 32+17, 0, 10 + mtvsrdd 32+18, 0, 14 + vmsumudm 19, 13, 14, 0 + vmsumudm 4, 15, 16, 19 + vmsumudm 4, 17, 18, 4 + + # out5 + mtvsrdd 32+13, 18, 6 + mtvsrdd 32+14, 7, 19 + mtvsrdd 32+15, 16, 8 + mtvsrdd 32+16, 9, 17 + mtvsrdd 32+17, 14, 10 + mtvsrdd 32+18, 11, 15 + vmsumudm 19, 13, 14, 0 + vmsumudm 5, 15, 16, 19 + vmsumudm 5, 17, 18, 5 + + stxv 32+1, 16(3) + stxv 32+2, 32(3) + stxv 32+3, 48(3) + stxv 32+4, 64(3) + stxv 32+5, 80(3) + + # out6 + mtvsrdd 32+13, 19, 6 + mtvsrdd 32+14, 7, 20 + mtvsrdd 32+15, 17, 8 + mtvsrdd 32+16, 9, 18 + mtvsrdd 32+17, 15, 10 + mtvsrdd 32+18, 11, 16 + vmsumudm 19, 13, 14, 0 + vmsumudm 6, 15, 16, 19 + mtvsrdd 32+13, 0, 12 + mtvsrdd 32+14, 0, 14 + vmsumudm 19, 17, 18, 6 + vmsumudm 6, 13, 14, 19 + + # out7 + mtvsrdd 32+13, 19, 7 + mtvsrdd 32+14, 8, 20 + mtvsrdd 32+15, 17, 9 + mtvsrdd 32+16, 10, 18 + mtvsrdd 32+17, 15, 11 + mtvsrdd 32+18, 12, 16 + vmsumudm 19, 13, 14, 0 + vmsumudm 7, 15, 16, 19 + vmsumudm 7, 17, 18, 7 + + # out8 + mtvsrdd 32+13, 19, 8 + mtvsrdd 32+14, 9, 20 + mtvsrdd 32+15, 17, 10 + mtvsrdd 32+16, 11, 18 + mtvsrdd 32+17, 0, 12 + mtvsrdd 32+18, 0, 16 + vmsumudm 19, 13, 14, 0 + 
vmsumudm 8, 15, 16, 19 + vmsumudm 8, 17, 18, 8 + + # out9 + mtvsrdd 32+13, 19, 9 + mtvsrdd 32+14, 10, 20 + mtvsrdd 32+15, 17, 11 + mtvsrdd 32+16, 12, 18 + vmsumudm 19, 13, 14, 0 + vmsumudm 9, 15, 16, 19 + + # out10 + mtvsrdd 32+13, 19, 10 + mtvsrdd 32+14, 11, 20 + mtvsrdd 32+15, 0, 12 + mtvsrdd 32+16, 0, 18 + vmsumudm 19, 13, 14, 0 + vmsumudm 10, 15, 16, 19 + + # out11 + mtvsrdd 32+17, 19, 11 + mtvsrdd 32+18, 12, 20 + vmsumudm 11, 17, 18, 0 + + stxv 32+6, 96(3) + stxv 32+7, 112(3) + stxv 32+8, 128(3) + stxv 32+9, 144(3) + stxv 32+10, 160(3) + stxv 32+11, 176(3) + + # out12 + mulld 21, 20, 12 + mulhdu 22, 20, 12 # out12 + + std 21, 192(3) + std 22, 200(3) + + blr +.size _p384_felem_mul_core,.-_p384_felem_mul_core + +# +# Felem square core function - +# r3 and r4 need to pre-loaded. +# +.type _p384_felem_square_core,\@function +.align 4 +_p384_felem_square_core: + + ld 6, 0(4) + ld 7, 8(4) + ld 8, 16(4) + ld 9, 24(4) + ld 10, 32(4) + ld 11, 40(4) + ld 12, 48(4) + + vxor 0, 0, 0 + + # out0 + mulld 14, 6, 6 + mulhdu 15, 6, 6 + std 14, 0(3) + std 15, 8(3) + + # out1 + add 14, 6, 6 + mtvsrdd 32+13, 0, 14 + mtvsrdd 32+14, 0, 7 + vmsumudm 1, 13, 14, 0 + + # out2 + mtvsrdd 32+15, 7, 14 + mtvsrdd 32+16, 7, 8 + vmsumudm 2, 15, 16, 0 + + # out3 + add 15, 7, 7 + mtvsrdd 32+13, 8, 14 + mtvsrdd 32+14, 15, 9 + vmsumudm 3, 13, 14, 0 + + # out4 + mtvsrdd 32+13, 9, 14 + mtvsrdd 32+14, 15, 10 + mtvsrdd 32+15, 0, 8 + vmsumudm 4, 13, 14, 0 + vmsumudm 4, 15, 15, 4 + + # out5 + mtvsrdd 32+13, 10, 14 + mtvsrdd 32+14, 15, 11 + add 16, 8, 8 + mtvsrdd 32+15, 0, 16 + mtvsrdd 32+16, 0, 9 + vmsumudm 5, 13, 14, 0 + vmsumudm 5, 15, 16, 5 + + stxv 32+1, 16(3) + stxv 32+2, 32(3) + stxv 32+3, 48(3) + stxv 32+4, 64(3) + + # out6 + mtvsrdd 32+13, 11, 14 + mtvsrdd 32+14, 15, 12 + mtvsrdd 32+15, 9, 16 + mtvsrdd 32+16, 9, 10 + stxv 32+5, 80(3) + vmsumudm 19, 13, 14, 0 + vmsumudm 6, 15, 16, 19 + + # out7 + add 17, 9, 9 + mtvsrdd 32+13, 11, 15 + mtvsrdd 32+14, 16, 12 + mtvsrdd 32+15, 0, 17 + mtvsrdd 32+16, 
0, 10 + vmsumudm 19, 13, 14, 0 + vmsumudm 7, 15, 16, 19 + + # out8 + mtvsrdd 32+13, 11, 16 + mtvsrdd 32+14, 17, 12 + mtvsrdd 32+15, 0, 10 + vmsumudm 19, 13, 14, 0 + vmsumudm 8, 15, 15, 19 + + # out9 + add 14, 10, 10 + mtvsrdd 32+13, 11, 17 + mtvsrdd 32+14, 14, 12 + vmsumudm 9, 13, 14, 0 + + # out10 + mtvsrdd 32+13, 11, 14 + mtvsrdd 32+14, 11, 12 + vmsumudm 10, 13, 14, 0 + + stxv 32+6, 96(3) + stxv 32+7, 112(3) + + # out11 + #add 14, 11, 11 + #mtvsrdd 32+13, 0, 14 + #mtvsrdd 32+14, 0, 12 + #vmsumudm 11, 13, 14, 0 + + mulld 6, 12, 11 + mulhdu 7, 12, 11 + addc 8, 6, 6 + adde 9, 7, 7 + + stxv 32+8, 128(3) + stxv 32+9, 144(3) + stxv 32+10, 160(3) + #stxv 32+11, 176(3) + + # out12 + mulld 14, 12, 12 + mulhdu 15, 12, 12 + + std 8, 176(3) + std 9, 184(3) + std 14, 192(3) + std 15, 200(3) + + blr +.size _p384_felem_square_core,.-_p384_felem_square_core + +# +# widefelem (128 bits) * 8 +# +.macro F128_X_8 _off1 _off2 + ld 9,\\_off1(3) + ld 8,\\_off2(3) + srdi 10,9,61 + rldimi 10,8,3,0 + sldi 9,9,3 + std 9,\\_off1(3) + std 10,\\_off2(3) +.endm + +.globl p384_felem128_mul_by_8 +.type p384_felem128_mul_by_8, \@function +.align 4 +p384_felem128_mul_by_8: + + F128_X_8 0, 8 + + F128_X_8 16, 24 + + F128_X_8 32, 40 + + F128_X_8 48, 56 + + F128_X_8 64, 72 + + F128_X_8 80, 88 + + F128_X_8 96, 104 + + F128_X_8 112, 120 + + F128_X_8 128, 136 + + F128_X_8 144, 152 + + F128_X_8 160, 168 + + F128_X_8 176, 184 + + F128_X_8 192, 200 + + blr +.size p384_felem128_mul_by_8,.-p384_felem128_mul_by_8 + +# +# widefelem (128 bits) * 2 +# +.macro F128_X_2 _off1 _off2 + ld 9,\\_off1(3) + ld 8,\\_off2(3) + srdi 10,9,63 + rldimi 10,8,1,0 + sldi 9,9,1 + std 9,\\_off1(3) + std 10,\\_off2(3) +.endm + +.globl p384_felem128_mul_by_2 +.type p384_felem128_mul_by_2, \@function +.align 4 +p384_felem128_mul_by_2: + + F128_X_2 0, 8 + + F128_X_2 16, 24 + + F128_X_2 32, 40 + + F128_X_2 48, 56 + + F128_X_2 64, 72 + + F128_X_2 80, 88 + + F128_X_2 96, 104 + + F128_X_2 112, 120 + + F128_X_2 128, 136 + + F128_X_2 144, 
152 + + F128_X_2 160, 168 + + F128_X_2 176, 184 + + F128_X_2 192, 200 + + blr +.size p384_felem128_mul_by_2,.-p384_felem128_mul_by_2 + +.globl p384_felem_diff128 +.type p384_felem_diff128, \@function +.align 4 +p384_felem_diff128: + + addis 5, 2, .LConst_two127\@toc\@ha + addi 5, 5, .LConst_two127\@toc\@l + + ld 10, 0(3) + ld 8, 8(3) + li 9, 0 + addc 10, 10, 9 + li 7, -1 + rldicr 7, 7, 0, 0 # two127 + adde 8, 8, 7 + ld 11, 0(4) + ld 12, 8(4) + subfc 11, 11, 10 + subfe 12, 12, 8 + std 11, 0(3) # out0 + std 12, 8(3) + + # two127m71 = (r10, r9) + ld 8, 16(3) + ld 7, 24(3) + ld 10, 24(5) # two127m71 + addc 8, 8, 9 + adde 7, 7, 10 + ld 11, 16(4) + ld 12, 24(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 16(3) # out1 + std 12, 24(3) + + ld 8, 32(3) + ld 7, 40(3) + addc 8, 8, 9 + adde 7, 7, 10 + ld 11, 32(4) + ld 12, 40(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 32(3) # out2 + std 12, 40(3) + + ld 8, 48(3) + ld 7, 56(3) + addc 8, 8, 9 + adde 7, 7, 10 + ld 11, 48(4) + ld 12, 56(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 48(3) # out3 + std 12, 56(3) + + ld 8, 64(3) + ld 7, 72(3) + addc 8, 8, 9 + adde 7, 7, 10 + ld 11, 64(4) + ld 12, 72(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 64(3) # out4 + std 12, 72(3) + + ld 8, 80(3) + ld 7, 88(3) + addc 8, 8, 9 + adde 7, 7, 10 + ld 11, 80(4) + ld 12, 88(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 80(3) # out5 + std 12, 88(3) + + ld 8, 96(3) + ld 7, 104(3) + ld 6, 40(5) # two127p111m79m71 + addc 8, 8, 9 + adde 7, 7, 6 + ld 11, 96(4) + ld 12, 104(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 96(3) # out6 + std 12, 104(3) + + ld 8, 112(3) + ld 7, 120(3) + ld 6, 56(5) # two127m119m71 + addc 8, 8, 9 + adde 7, 7, 6 + ld 11, 112(4) + ld 12, 120(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 112(3) # out7 + std 12, 120(3) + + ld 8, 128(3) + ld 7, 136(3) + ld 6, 72(5) # two127m95m71 + addc 8, 8, 9 + adde 7, 7, 6 + ld 11, 128(4) + ld 12, 136(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 128(3) # out8 + std 12, 
136(3) + + ld 8, 144(3) + ld 7, 152(3) + addc 8, 8, 9 + adde 7, 7, 10 + ld 11, 144(4) + ld 12, 152(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 144(3) # out9 + std 12, 152(3) + + ld 8, 160(3) + ld 7, 168(3) + addc 8, 8, 9 + adde 7, 7, 10 + ld 11, 160(4) + ld 12, 168(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 160(3) # out10 + std 12, 168(3) + + ld 8, 176(3) + ld 7, 184(3) + addc 8, 8, 9 + adde 7, 7, 10 + ld 11, 176(4) + ld 12, 184(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 176(3) # out11 + std 12, 184(3) + + ld 8, 192(3) + ld 7, 200(3) + addc 8, 8, 9 + adde 7, 7, 10 + ld 11, 192(4) + ld 12, 200(4) + subfc 11, 11, 8 + subfe 12, 12, 7 + std 11, 192(3) # out12 + std 12, 200(3) + + blr +.size p384_felem_diff128,.-p384_felem_diff128 + +.data +.align 4 +.LConst_two127: +#two127 +.long 0x00000000, 0x00000000, 0x00000000, 0x80000000 +#two127m71 +.long 0x00000000, 0x00000000, 0xffffff80, 0x7fffffff +#two127p111m79m71 +.long 0x00000000, 0x00000000, 0xffff7f80, 0x80007fff +#two127m119m71 +.long 0x00000000, 0x00000000, 0xffffff80, 0x7f7fffff +#two127m95m71 +.long 0x00000000, 0x00000000, 0x7fffff80, 0x7fffffff + +.text + +.globl p384_felem_diff_128_64 +.type p384_felem_diff_128_64, \@function +.align 4 +p384_felem_diff_128_64: + addis 5, 2, .LConst_128_two64\@toc\@ha + addi 5, 5, .LConst_128_two64\@toc\@l + + ld 9, 0(3) + ld 10, 8(3) + ld 8, 48(5) # two64p48m16 + li 7, 0 + addc 9, 9, 8 + li 6, 1 + adde 10, 10, 6 + ld 11, 0(4) + subfc 8, 11, 9 + subfe 12, 7, 10 + std 8, 0(3) # out0 + std 12, 8(3) + + ld 9, 16(3) + ld 10, 24(3) + ld 8, 0(5) # two64m56m8 + addc 9, 9, 8 + addze 10, 10 + ld 11, 8(4) + subfc 11, 11, 9 + subfe 12, 7, 10 + std 11, 16(3) # out1 + std 12, 24(3) + + ld 9, 32(3) + ld 10, 40(3) + ld 8, 16(5) # two64m32m8 + addc 9, 9, 8 + addze 10, 10 + ld 11, 16(4) + subfc 11, 11, 9 + subfe 12, 7, 10 + std 11, 32(3) # out2 + std 12, 40(3) + + ld 10, 48(3) + ld 8, 56(3) + #ld 9, 32(5) # two64m8 + li 9, -256 # two64m8 + addc 10, 10, 9 + addze 8, 8 + ld 11, 
24(4) + subfc 11, 11, 10 + subfe 12, 7, 8 + std 11, 48(3) # out3 + std 12, 56(3) + + ld 10, 64(3) + ld 8, 72(3) + addc 10, 10, 9 + addze 8, 8 + ld 11, 32(4) + subfc 11, 11, 10 + subfe 12, 7, 8 + std 11, 64(3) # out4 + std 12, 72(3) + + ld 10, 80(3) + ld 8, 88(3) + addc 10, 10, 9 + addze 8, 8 + ld 11, 40(4) + subfc 11, 11, 10 + subfe 12, 7, 8 + std 11, 80(3) # out5 + std 12, 88(3) + + ld 10, 96(3) + ld 8, 104(3) + addc 10, 10, 9 + addze 9, 8 + ld 11, 48(4) + subfc 11, 11, 10 + subfe 12, 7, 9 + std 11, 96(3) # out6 + std 12, 104(3) + + blr +.size p384_felem_diff_128_64,.-p384_felem_diff_128_64 + +.data +.align 4 +.LConst_128_two64: +#two64m56m8 +.long 0xffffff00, 0xfeffffff, 0x00000000, 0x00000000 +#two64m32m8 +.long 0xffffff00, 0xfffffffe, 0x00000000, 0x00000000 +#two64m8 +.long 0xffffff00, 0xffffffff, 0x00000000, 0x00000000 +#two64p48m16 +.long 0xffff0000, 0x0000ffff, 0x00000001, 0x00000000 + +.LConst_two60: +#two60m52m4 +.long 0xfffffff0, 0x0fefffff, 0x0, 0x0 +#two60p44m12 +.long 0xfffff000, 0x10000fff, 0x0, 0x0 +#two60m28m4 +.long 0xeffffff0, 0x0fffffff, 0x0, 0x0 +#two60m4 +.long 0xfffffff0, 0x0fffffff, 0x0, 0x0 + +.text +# +# static void felem_diff64(felem out, const felem in) +# +.globl p384_felem_diff64 +.type p384_felem_diff64, \@function +.align 4 +p384_felem_diff64: + addis 5, 2, .LConst_two60\@toc\@ha + addi 5, 5, .LConst_two60\@toc\@l + + ld 9, 0(3) + ld 8, 16(5) # two60p44m12 + li 7, 0 + add 9, 9, 8 + ld 11, 0(4) + subf 8, 11, 9 + std 8, 0(3) # out0 + + ld 9, 8(3) + ld 8, 0(5) # two60m52m4 + add 9, 9, 8 + ld 11, 8(4) + subf 11, 11, 9 + std 11, 8(3) # out1 + + ld 9, 16(3) + ld 8, 32(5) # two60m28m4 + add 9, 9, 8 + ld 11, 16(4) + subf 11, 11, 9 + std 11, 16(3) # out2 + + ld 10, 24(3) + ld 9, 48(5) # two60m4 + add 10, 10, 9 + ld 12, 24(4) + subf 12, 12, 10 + std 12, 24(3) # out3 + + ld 10, 32(3) + add 10, 10, 9 + ld 11, 32(4) + subf 11, 11, 10 + std 11, 32(3) # out4 + + ld 10, 40(3) + add 10, 10, 9 + ld 12, 40(4) + subf 12, 12, 10 + std 12, 40(3) # out5 + + 
ld 10, 48(3) + add 10, 10, 9 + ld 11, 48(4) + subf 11, 11, 10 + std 11, 48(3) # out6 + + blr +.size p384_felem_diff64,.-p384_felem_diff64 + +.text +# +# Shift 128 bits right +# +.macro SHR o_h o_l in_h in_l nbits + srdi \\o_l, \\in_l, \\nbits # shift lower right + rldimi \\o_l, \\in_h, 64-\\nbits, 0 # insert <64-nbits> from hi + srdi \\o_h, \\in_h, \\nbits # shift higher right +.endm + +# +# static void felem_reduce(felem out, const widefelem in) +# +.global p384_felem_reduce +.type p384_felem_reduce,\@function +.align 4 +p384_felem_reduce: + + stdu 1, -208(1) + mflr 0 + std 14, 56(1) + std 15, 64(1) + std 16, 72(1) + std 17, 80(1) + std 18, 88(1) + std 19, 96(1) + std 20, 104(1) + std 21, 112(1) + std 22, 120(1) + std 23, 128(1) + std 24, 136(1) + std 25, 144(1) + std 26, 152(1) + std 27, 160(1) + std 28, 168(1) + std 29, 176(1) + std 30, 184(1) + std 31, 192(1) + + bl _p384_felem_reduce_core + + mtlr 0 + ld 14, 56(1) + ld 15, 64(1) + ld 16, 72(1) + ld 17, 80(1) + ld 18, 88(1) + ld 19, 96(1) + ld 20, 104(1) + ld 21, 112(1) + ld 22, 120(1) + ld 23, 128(1) + ld 24, 136(1) + ld 25, 144(1) + ld 26, 152(1) + ld 27, 160(1) + ld 28, 168(1) + ld 29, 176(1) + ld 30, 184(1) + ld 31, 192(1) + addi 1, 1, 208 + blr +.size p384_felem_reduce,.-p384_felem_reduce + +# +# Felem reduction core function - +# r3 and r4 need to pre-loaded. 
+# +.type _p384_felem_reduce_core,\@function +.align 4 +_p384_felem_reduce_core: + addis 12, 2, .LConst\@toc\@ha + addi 12, 12, .LConst\@toc\@l + + # load constat p + ld 11, 8(12) # hi - two124m68 + + # acc[6] = in[6] + two124m68; + ld 26, 96(4) # in[6].l + ld 27, 96+8(4) # in[6].h + add 27, 27, 11 + + # acc[5] = in[5] + two124m68; + ld 24, 80(4) # in[5].l + ld 25, 80+8(4) # in[5].h + add 25, 25, 11 + + # acc[4] = in[4] + two124m68; + ld 22, 64(4) # in[4].l + ld 23, 64+8(4) # in[4].h + add 23, 23, 11 + + # acc[3] = in[3] + two124m68; + ld 20, 48(4) # in[3].l + ld 21, 48+8(4) # in[3].h + add 21, 21, 11 + + ld 11, 48+8(12) # hi - two124m92m68 + + # acc[2] = in[2] + two124m92m68; + ld 18, 32(4) # in[2].l + ld 19, 32+8(4) # in[2].h + add 19, 19, 11 + + ld 11, 16+8(12) # high - two124m116m68 + + # acc[1] = in[1] + two124m116m68; + ld 16, 16(4) # in[1].l + ld 17, 16+8(4) # in[1].h + add 17, 17, 11 + + ld 11, 32+8(12) # high - two124p108m76 + + # acc[0] = in[0] + two124p108m76; + ld 14, 0(4) # in[0].l + ld 15, 0+8(4) # in[0].h + add 15, 15, 11 + + # compute mask + li 7, -1 + + # Eliminate in[12] + + # acc[8] += in[12] >> 32; + ld 5, 192(4) # in[12].l + ld 6, 192+8(4) # in[12].h + SHR 9, 10, 6, 5, 32 + ld 30, 128(4) # in[8].l + ld 31, 136(4) # in[8].h + addc 30, 30, 10 + adde 31, 31, 9 + + # acc[7] += (in[12] & 0xffffffff) << 24; + srdi 11, 7, 32 # 0xffffffff + and 11, 11, 5 + sldi 11, 11, 24 # << 24 + ld 28, 112(4) # in[7].l + ld 29, 120(4) # in[7].h + addc 28, 28, 11 + addze 29, 29 + + # acc[7] += in[12] >> 8; + SHR 9, 10, 6, 5, 8 + addc 28, 28, 10 + adde 29, 29, 9 + + # acc[6] += (in[12] & 0xff) << 48; + andi. 
11, 5, 0xff + sldi 11, 11, 48 + addc 26, 26, 11 + addze 27, 27 + + # acc[6] -= in[12] >> 16; + SHR 9, 10, 6, 5, 16 + subfc 26, 10, 26 + subfe 27, 9, 27 + + # acc[5] -= (in[12] & 0xffff) << 40; + srdi 11, 7, 48 # 0xffff + and 11, 11, 5 + sldi 11, 11, 40 # << 40 + li 9, 0 + subfc 24, 11, 24 + subfe 25, 9, 25 + + # acc[6] += in[12] >> 48; + SHR 9, 10, 6, 5, 48 + addc 26, 26, 10 + adde 27, 27, 9 + + # acc[5] += (in[12] & 0xffffffffffff) << 8; + srdi 11, 7, 16 # 0xffffffffffff + and 11, 11, 5 + sldi 11, 11, 8 # << 8 + addc 24, 24, 11 + addze 25, 25 + + # Eliminate in[11] + + # acc[7] += in[11] >> 32; + ld 5, 176(4) # in[11].l + ld 6, 176+8(4) # in[11].h + SHR 9, 10, 6, 5, 32 + addc 28, 28, 10 + adde 29, 29, 9 + + # acc[6] += (in[11] & 0xffffffff) << 24; + srdi 11, 7, 32 # 0xffffffff + and 11, 11, 5 + sldi 11, 11, 24 # << 24 + addc 26, 26, 11 + addze 27, 27 + + # acc[6] += in[11] >> 8; + SHR 9, 10, 6, 5, 8 + addc 26, 26, 10 + adde 27, 27, 9 + + # acc[5] += (in[11] & 0xff) << 48; + andi. 11, 5, 0xff + sldi 11, 11, 48 + addc 24, 24, 11 + addze 25, 25 + + # acc[5] -= in[11] >> 16; + SHR 9, 10, 6, 5, 16 + subfc 24, 10, 24 + subfe 25, 9, 25 + + # acc[4] -= (in[11] & 0xffff) << 40; + srdi 11, 7, 48 # 0xffff + and 11, 11, 5 + sldi 11, 11, 40 # << 40 + li 9, 0 + subfc 22, 11, 22 + subfe 23, 9, 23 + + # acc[5] += in[11] >> 48; + SHR 9, 10, 6, 5, 48 + addc 24, 24, 10 + adde 25, 25, 9 + + # acc[4] += (in[11] & 0xffffffffffff) << 8; + srdi 11, 7, 16 # 0xffffffffffff + and 11, 11, 5 + sldi 11, 11, 8 # << 8 + addc 22, 22, 11 + addze 23, 23 + + # Eliminate in[10] + + # acc[6] += in[10] >> 32; + ld 5, 160(4) # in[10].l + ld 6, 160+8(4) # in[10].h + SHR 9, 10, 6, 5, 32 + addc 26, 26, 10 + adde 27, 27, 9 + + # acc[5] += (in[10] & 0xffffffff) << 24; + srdi 11, 7, 32 # 0xffffffff + and 11, 11, 5 + sldi 11, 11, 24 # << 24 + addc 24, 24, 11 + addze 25, 25 + + # acc[5] += in[10] >> 8; + SHR 9, 10, 6, 5, 8 + addc 24, 24, 10 + adde 25, 25, 9 + + # acc[4] += (in[10] & 0xff) << 48; + andi. 
11, 5, 0xff + sldi 11, 11, 48 + addc 22, 22, 11 + addze 23, 23 + + # acc[4] -= in[10] >> 16; + SHR 9, 10, 6, 5, 16 + subfc 22, 10, 22 + subfe 23, 9, 23 + + # acc[3] -= (in[10] & 0xffff) << 40; + srdi 11, 7, 48 # 0xffff + and 11, 11, 5 + sldi 11, 11, 40 # << 40 + li 9, 0 + subfc 20, 11, 20 + subfe 21, 9, 21 + + # acc[4] += in[10] >> 48; + SHR 9, 10, 6, 5, 48 + addc 22, 22, 10 + adde 23, 23, 9 + + # acc[3] += (in[10] & 0xffffffffffff) << 8; + srdi 11, 7, 16 # 0xffffffffffff + and 11, 11, 5 + sldi 11, 11, 8 # << 8 + addc 20, 20, 11 + addze 21, 21 + + # Eliminate in[9] + + # acc[5] += in[9] >> 32; + ld 5, 144(4) # in[9].l + ld 6, 144+8(4) # in[9].h + SHR 9, 10, 6, 5, 32 + addc 24, 24, 10 + adde 25, 25, 9 + + # acc[4] += (in[9] & 0xffffffff) << 24; + srdi 11, 7, 32 # 0xffffffff + and 11, 11, 5 + sldi 11, 11, 24 # << 24 + addc 22, 22, 11 + addze 23, 23 + + # acc[4] += in[9] >> 8; + SHR 9, 10, 6, 5, 8 + addc 22, 22, 10 + adde 23, 23, 9 + + # acc[3] += (in[9] & 0xff) << 48; + andi. 11, 5, 0xff + sldi 11, 11, 48 + addc 20, 20, 11 + addze 21, 21 + + # acc[3] -= in[9] >> 16; + SHR 9, 10, 6, 5, 16 + subfc 20, 10, 20 + subfe 21, 9, 21 + + # acc[2] -= (in[9] & 0xffff) << 40; + srdi 11, 7, 48 # 0xffff + and 11, 11, 5 + sldi 11, 11, 40 # << 40 + li 9, 0 + subfc 18, 11, 18 + subfe 19, 9, 19 + + # acc[3] += in[9] >> 48; + SHR 9, 10, 6, 5, 48 + addc 20, 20, 10 + adde 21, 21, 9 + + # acc[2] += (in[9] & 0xffffffffffff) << 8; + srdi 11, 7, 16 # 0xffffffffffff + and 11, 11, 5 + sldi 11, 11, 8 # << 8 + addc 18, 18, 11 + addze 19, 19 + + # Eliminate acc[8] + + # acc[4] += acc[8] >> 32; + mr 5, 30 # acc[8].l + mr 6, 31 # acc[8].h + SHR 9, 10, 6, 5, 32 + addc 22, 22, 10 + adde 23, 23, 9 + + # acc[3] += (acc[8] & 0xffffffff) << 24; + srdi 11, 7, 32 # 0xffffffff + and 11, 11, 5 + sldi 11, 11, 24 # << 24 + addc 20, 20, 11 + addze 21, 21 + + # acc[3] += acc[8] >> 8; + SHR 9, 10, 6, 5, 8 + addc 20, 20, 10 + adde 21, 21, 9 + + # acc[2] += (acc[8] & 0xff) << 48; + andi. 
11, 5, 0xff + sldi 11, 11, 48 + addc 18, 18, 11 + addze 19, 19 + + # acc[2] -= acc[8] >> 16; + SHR 9, 10, 6, 5, 16 + subfc 18, 10, 18 + subfe 19, 9, 19 + + # acc[1] -= (acc[8] & 0xffff) << 40; + srdi 11, 7, 48 # 0xffff + and 11, 11, 5 + sldi 11, 11, 40 # << 40 + li 9, 0 + subfc 16, 11, 16 + subfe 17, 9, 17 + + #acc[2] += acc[8] >> 48; + SHR 9, 10, 6, 5, 48 + addc 18, 18, 10 + adde 19, 19, 9 + + # acc[1] += (acc[8] & 0xffffffffffff) << 8; + srdi 11, 7, 16 # 0xffffffffffff + and 11, 11, 5 + sldi 11, 11, 8 # << 8 + addc 16, 16, 11 + addze 17, 17 + + # Eliminate acc[7] + + # acc[3] += acc[7] >> 32; + mr 5, 28 # acc[7].l + mr 6, 29 # acc[7].h + SHR 9, 10, 6, 5, 32 + addc 20, 20, 10 + adde 21, 21, 9 + + # acc[2] += (acc[7] & 0xffffffff) << 24; + srdi 11, 7, 32 # 0xffffffff + and 11, 11, 5 + sldi 11, 11, 24 # << 24 + addc 18, 18, 11 + addze 19, 19 + + # acc[2] += acc[7] >> 8; + SHR 9, 10, 6, 5, 8 + addc 18, 18, 10 + adde 19, 19, 9 + + # acc[1] += (acc[7] & 0xff) << 48; + andi. 11, 5, 0xff + sldi 11, 11, 48 + addc 16, 16, 11 + addze 17, 17 + + # acc[1] -= acc[7] >> 16; + SHR 9, 10, 6, 5, 16 + subfc 16, 10, 16 + subfe 17, 9, 17 + + # acc[0] -= (acc[7] & 0xffff) << 40; + srdi 11, 7, 48 # 0xffff + and 11, 11, 5 + sldi 11, 11, 40 # << 40 + li 9, 0 + subfc 14, 11, 14 + subfe 15, 9, 15 + + # acc[1] += acc[7] >> 48; + SHR 9, 10, 6, 5, 48 + addc 16, 16, 10 + adde 17, 17, 9 + + # acc[0] += (acc[7] & 0xffffffffffff) << 8; + srdi 11, 7, 16 # 0xffffffffffff + and 11, 11, 5 + sldi 11, 11, 8 # << 8 + addc 14, 14, 11 + addze 15, 15 + + # + # Carry 4 -> 5 -> 6 + # + # acc[5] += acc[4] >> 56; + # acc[4] &= 0x00ffffffffffffff; + SHR 9, 10, 23, 22, 56 + addc 24, 24, 10 + adde 25, 25, 9 + srdi 11, 7, 8 # 0x00ffffffffffffff + and 22, 22, 11 + li 23, 0 + + # acc[6] += acc[5] >> 56; + # acc[5] &= 0x00ffffffffffffff; + SHR 9, 10, 25, 24, 56 + addc 26, 26, 10 + adde 27, 27, 9 + and 24, 24, 11 + li 25, 0 + + # [3]: Eliminate high bits of acc[6] */ + # temp = acc[6] >> 48; + # acc[6] &= 
0x0000ffffffffffff; + SHR 31, 30, 27, 26, 48 # temp = acc[6] >> 48 + srdi 11, 7, 16 # 0x0000ffffffffffff + and 26, 26, 11 + li 27, 0 + + # temp < 2^80 + # acc[3] += temp >> 40; + SHR 9, 10, 31, 30, 40 + addc 20, 20, 10 + adde 21, 21, 9 + + # acc[2] += (temp & 0xffffffffff) << 16; + srdi 11, 7, 24 # 0xffffffffff + and 10, 30, 11 + sldi 10, 10, 16 + addc 18, 18, 10 + addze 19, 19 + + # acc[2] += temp >> 16; + SHR 9, 10, 31, 30, 16 + addc 18, 18, 10 + adde 19, 19, 9 + + # acc[1] += (temp & 0xffff) << 40; + srdi 11, 7, 48 # 0xffff + and 10, 30, 11 + sldi 10, 10, 40 + addc 16, 16, 10 + addze 17, 17 + + # acc[1] -= temp >> 24; + SHR 9, 10, 31, 30, 24 + subfc 16, 10, 16 + subfe 17, 9, 17 + + # acc[0] -= (temp & 0xffffff) << 32; + srdi 11, 7, 40 # 0xffffff + and 10, 30, 11 + sldi 10, 10, 32 + li 9, 0 + subfc 14, 10, 14 + subfe 15, 9, 15 + + # acc[0] += temp; + addc 14, 14, 30 + adde 15, 15, 31 + + # Carry 0 -> 1 -> 2 -> 3 -> 4 -> 5 -> 6 + # + # acc[1] += acc[0] >> 56; /* acc[1] < acc_old[1] + 2^72 */ + SHR 9, 10, 15, 14, 56 + addc 16, 16, 10 + adde 17, 17, 9 + + # acc[0] &= 0x00ffffffffffffff; + srdi 11, 7, 8 # 0x00ffffffffffffff + and 14, 14, 11 + li 15, 0 + + # acc[2] += acc[1] >> 56; /* acc[2] < acc_old[2] + 2^72 + 2^16 */ + SHR 9, 10, 17, 16, 56 + addc 18, 18, 10 + adde 19, 19, 9 + + # acc[1] &= 0x00ffffffffffffff; + and 16, 16, 11 + li 17, 0 + + # acc[3] += acc[2] >> 56; /* acc[3] < acc_old[3] + 2^72 + 2^16 */ + SHR 9, 10, 19, 18, 56 + addc 20, 20, 10 + adde 21, 21, 9 + + # acc[2] &= 0x00ffffffffffffff; + and 18, 18, 11 + li 19, 0 + + # acc[4] += acc[3] >> 56; + SHR 9, 10, 21, 20, 56 + addc 22, 22, 10 + adde 23, 23, 9 + + # acc[3] &= 0x00ffffffffffffff; + and 20, 20, 11 + li 21, 0 + + # acc[5] += acc[4] >> 56; + SHR 9, 10, 23, 22, 56 + addc 24, 24, 10 + adde 25, 25, 9 + + # acc[4] &= 0x00ffffffffffffff; + and 22, 22, 11 + + # acc[6] += acc[5] >> 56; + SHR 9, 10, 25, 24, 56 + addc 26, 26, 10 + adde 27, 27, 9 + + # acc[5] &= 0x00ffffffffffffff; + and 24, 24, 11 + + std 
14, 0(3) + std 16, 8(3) + std 18, 16(3) + std 20, 24(3) + std 22, 32(3) + std 24, 40(3) + std 26, 48(3) + blr +.size _p384_felem_reduce_core,.-_p384_felem_reduce_core + +.data +.align 4 +.LConst: +# two124m68: +.long 0x0, 0x0, 0xfffffff0, 0xfffffff +# two124m116m68: +.long 0x0, 0x0, 0xfffffff0, 0xfefffff +#two124p108m76: +.long 0x0, 0x0, 0xfffff000, 0x10000fff +#two124m92m68: +.long 0x0, 0x0, 0xeffffff0, 0xfffffff + +.text + +# +# void p384_felem_square_reduce(felem out, const felem in) +# +.global p384_felem_square_reduce +.type p384_felem_square_reduce,\@function +.align 4 +p384_felem_square_reduce: + stdu 1, -512(1) + mflr 0 + std 14, 56(1) + std 15, 64(1) + std 16, 72(1) + std 17, 80(1) + std 18, 88(1) + std 19, 96(1) + std 20, 104(1) + std 21, 112(1) + std 22, 120(1) + std 23, 128(1) + std 24, 136(1) + std 25, 144(1) + std 26, 152(1) + std 27, 160(1) + std 28, 168(1) + std 29, 176(1) + std 30, 184(1) + std 31, 192(1) + + std 3, 496(1) + addi 3, 1, 208 + bl _p384_felem_square_core + + mr 4, 3 + ld 3, 496(1) + bl _p384_felem_reduce_core + + ld 14, 56(1) + ld 15, 64(1) + ld 16, 72(1) + ld 17, 80(1) + ld 18, 88(1) + ld 19, 96(1) + ld 20, 104(1) + ld 21, 112(1) + ld 22, 120(1) + ld 23, 128(1) + ld 24, 136(1) + ld 25, 144(1) + ld 26, 152(1) + ld 27, 160(1) + ld 28, 168(1) + ld 29, 176(1) + ld 30, 184(1) + ld 31, 192(1) + addi 1, 1, 512 + mtlr 0 + blr +.size p384_felem_square_reduce,.-p384_felem_square_reduce + +# +# void p384_felem_mul_reduce(felem out, const felem in1, const felem in2) +# +.global p384_felem_mul_reduce +.type p384_felem_mul_reduce,\@function +.align 5 +p384_felem_mul_reduce: + stdu 1, -512(1) + mflr 0 + std 14, 56(1) + std 15, 64(1) + std 16, 72(1) + std 17, 80(1) + std 18, 88(1) + std 19, 96(1) + std 20, 104(1) + std 21, 112(1) + std 22, 120(1) + std 23, 128(1) + std 24, 136(1) + std 25, 144(1) + std 26, 152(1) + std 27, 160(1) + std 28, 168(1) + std 29, 176(1) + std 30, 184(1) + std 31, 192(1) + + std 3, 496(1) + addi 3, 1, 208 + bl 
_p384_felem_mul_core + + mr 4, 3 + ld 3, 496(1) + bl _p384_felem_reduce_core + + ld 14, 56(1) + ld 15, 64(1) + ld 16, 72(1) + ld 17, 80(1) + ld 18, 88(1) + ld 19, 96(1) + ld 20, 104(1) + ld 21, 112(1) + ld 22, 120(1) + ld 23, 128(1) + ld 24, 136(1) + ld 25, 144(1) + ld 26, 152(1) + ld 27, 160(1) + ld 28, 168(1) + ld 29, 176(1) + ld 30, 184(1) + ld 31, 192(1) + addi 1, 1, 512 + mtlr 0 + blr +.size p384_felem_mul_reduce,.-p384_felem_mul_reduce ___ -{ - # mul/square common - my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v42", "v43"); - my ($zero, $one) = ("r8", "r9"); - my $out = "v51"; - - { - # - # p384_felem_mul - # - - my ($in1p, $in2p) = ("r4", "r5"); - my @in1 = map("v$_",(44..50)); - my @in2 = map("v$_",(35..41)); - - startproc("p384_felem_mul"); - - $code.=<<___; - vspltisw $vzero,0 - -___ - - load_vrs($in1p, \@in1); - load_vrs($in2p, \@in2); - - $code.=<<___; - vmsumudm $out,$in1[0],$in2[0],$vzero - stxv $out,0($outp) - - xxpermdi $t1,$in1[0],$in1[1],0b00 - xxpermdi $t2,$in2[1],$in2[0],0b00 - vmsumudm $out,$t1,$t2,$vzero - stxv $out,16($outp) - - xxpermdi $t2,$in2[2],$in2[1],0b00 - vmsumudm $out,$t1,$t2,$vzero - vmsumudm $out,$in1[2],$in2[0],$out - stxv $out,32($outp) - - xxpermdi $t2,$in2[1],$in2[0],0b00 - xxpermdi $t3,$in1[2],$in1[3],0b00 - xxpermdi $t4,$in2[3],$in2[2],0b00 - vmsumudm $out,$t1,$t4,$vzero - vmsumudm $out,$t3,$t2,$out - stxv $out,48($outp) - - xxpermdi $t2,$in2[4],$in2[3],0b00 - xxpermdi $t4,$in2[2],$in2[1],0b00 - vmsumudm $out,$t1,$t2,$vzero - vmsumudm $out,$t3,$t4,$out - vmsumudm $out,$in1[4],$in2[0],$out - stxv $out,64($outp) - - xxpermdi $t2,$in2[5],$in2[4],0b00 - xxpermdi $t4,$in2[3],$in2[2],0b00 - vmsumudm $out,$t1,$t2,$vzero - vmsumudm $out,$t3,$t4,$out - xxpermdi $t4,$in2[1],$in2[0],0b00 - xxpermdi $t1,$in1[4],$in1[5],0b00 - vmsumudm $out,$t1,$t4,$out - stxv $out,80($outp) - - xxpermdi $t1,$in1[0],$in1[1],0b00 - xxpermdi $t2,$in2[6],$in2[5],0b00 - xxpermdi $t4,$in2[4],$in2[3],0b00 - vmsumudm $out,$t1,$t2,$vzero - vmsumudm 
$out,$t3,$t4,$out - xxpermdi $t2,$in2[2],$in2[1],0b00 - xxpermdi $t1,$in1[4],$in1[5],0b00 - vmsumudm $out,$t1,$t2,$out - vmsumudm $out,$in1[6],$in2[0],$out - stxv $out,96($outp) - - xxpermdi $t1,$in1[1],$in1[2],0b00 - xxpermdi $t2,$in2[6],$in2[5],0b00 - xxpermdi $t3,$in1[3],$in1[4],0b00 - vmsumudm $out,$t1,$t2,$vzero - vmsumudm $out,$t3,$t4,$out - xxpermdi $t3,$in2[2],$in2[1],0b00 - xxpermdi $t1,$in1[5],$in1[6],0b00 - vmsumudm $out,$t1,$t3,$out - stxv $out,112($outp) - - xxpermdi $t1,$in1[2],$in1[3],0b00 - xxpermdi $t3,$in1[4],$in1[5],0b00 - vmsumudm $out,$t1,$t2,$vzero - vmsumudm $out,$t3,$t4,$out - vmsumudm $out,$in1[6],$in2[2],$out - stxv $out,128($outp) - - xxpermdi $t1,$in1[3],$in1[4],0b00 - vmsumudm $out,$t1,$t2,$vzero - xxpermdi $t1,$in1[5],$in1[6],0b00 - vmsumudm $out,$t1,$t4,$out - stxv $out,144($outp) - - vmsumudm $out,$t3,$t2,$vzero - vmsumudm $out,$in1[6],$in2[4],$out - stxv $out,160($outp) - - vmsumudm $out,$t1,$t2,$vzero - stxv $out,176($outp) - - vmsumudm $out,$in1[6],$in2[6],$vzero - stxv $out,192($outp) -___ - - endproc("p384_felem_mul"); - } - - { - # - # p384_felem_square - # - - my ($inp) = ("r4"); - my @in = map("v$_",(44..50)); - my @inx2 = map("v$_",(35..41)); - - startproc("p384_felem_square"); - - $code.=<<___; - vspltisw $vzero,0 - -___ - - load_vrs($inp, \@in); - - $code.=<<___; - li $zero,0 - li $one,1 - mtvsrdd $t1,$one,$zero -___ - - for (my $i = 0; $i <= 6; $i++) { - $code.=<<___; - vsld $inx2[$i],$in[$i],$t1 -___ - } - - $code.=<<___; - vmsumudm $out,$in[0],$in[0],$vzero - stxv $out,0($outp) - - vmsumudm $out,$in[0],$inx2[1],$vzero - stxv $out,16($outp) - - vmsumudm $out,$in[0],$inx2[2],$vzero - vmsumudm $out,$in[1],$in[1],$out - stxv $out,32($outp) - - xxpermdi $t1,$in[0],$in[1],0b00 - xxpermdi $t2,$inx2[3],$inx2[2],0b00 - vmsumudm $out,$t1,$t2,$vzero - stxv $out,48($outp) - - xxpermdi $t4,$inx2[4],$inx2[3],0b00 - vmsumudm $out,$t1,$t4,$vzero - vmsumudm $out,$in[2],$in[2],$out - stxv $out,64($outp) - - xxpermdi 
$t2,$inx2[5],$inx2[4],0b00 - vmsumudm $out,$t1,$t2,$vzero - vmsumudm $out,$in[2],$inx2[3],$out - stxv $out,80($outp) - - xxpermdi $t2,$inx2[6],$inx2[5],0b00 - vmsumudm $out,$t1,$t2,$vzero - vmsumudm $out,$in[2],$inx2[4],$out - vmsumudm $out,$in[3],$in[3],$out - stxv $out,96($outp) - - xxpermdi $t3,$in[1],$in[2],0b00 - vmsumudm $out,$t3,$t2,$vzero - vmsumudm $out,$in[3],$inx2[4],$out - stxv $out,112($outp) - - xxpermdi $t1,$in[2],$in[3],0b00 - vmsumudm $out,$t1,$t2,$vzero - vmsumudm $out,$in[4],$in[4],$out - stxv $out,128($outp) - - xxpermdi $t1,$in[3],$in[4],0b00 - vmsumudm $out,$t1,$t2,$vzero - stxv $out,144($outp) - - vmsumudm $out,$in[4],$inx2[6],$vzero - vmsumudm $out,$in[5],$in[5],$out - stxv $out,160($outp) - - vmsumudm $out,$in[5],$inx2[6],$vzero - stxv $out,176($outp) - - vmsumudm $out,$in[6],$in[6],$vzero - stxv $out,192($outp) -___ - - endproc("p384_felem_square"); - } -} - $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/ecp_sm2p256-armv8.pl b/crypto/ec/asm/ecp_sm2p256-armv8.pl index de2f96964d..59e0b190e1 100644 --- a/crypto/ec/asm/ecp_sm2p256-armv8.pl +++ b/crypto/ec/asm/ecp_sm2p256-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/curve448/arch_64/f_impl64.c b/crypto/ec/curve448/arch_64/f_impl64.c index c8f7671788..06cc33a964 100644 --- a/crypto/ec/curve448/arch_64/f_impl64.c +++ b/crypto/ec/curve448/arch_64/f_impl64.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2014 Cryptography Research, Inc. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index b32697fb85..643d2d8d7b 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1156,7 +1156,7 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out) size_t buf_len = 0; int new_buffer = 0; - if (a == NULL) { + if (a == NULL || a->pub_key == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index b9ebc96465..37cc01b466 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c @@ -617,14 +617,8 @@ EC_KEY *ossl_ec_key_dup(const EC_KEY *src, int selection) || !EC_GROUP_copy(ret->group, src->group)) goto err; - if (src->meth != NULL) { -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (src->engine != NULL && ENGINE_init(src->engine) == 0) - goto err; - ret->engine = src->engine; -#endif + if (src->meth != NULL) ret->meth = src->meth; - } } /* copy the public key */ diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 9bc4e032c5..68c8501711 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -76,7 +76,7 @@ void EC_KEY_free(EC_KEY *r) return; CRYPTO_DOWN_REF(&r->references, &i); - REF_PRINT_COUNT("EC_KEY", r); + REF_PRINT_COUNT("EC_KEY", i, r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -197,7 +197,7 @@ int EC_KEY_up_ref(EC_KEY *r) if (CRYPTO_UP_REF(&r->references, &i) <= 0) return 0; - REF_PRINT_COUNT("EC_KEY", r); + REF_PRINT_COUNT("EC_KEY", i, r); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } 
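Review bot: With the ENGINE_init/engine-copy block removed, the duplicate still takes `ret->meth = src->meth` but now holds no engine reference of its own, so when `src->meth` was installed by an ENGINE nothing on the copy pins that engine for the copy's lifetime, and the hunk does not say why that is acceptable. If the justification is that ossl_ec_key_dup is only reached from provider-side code where `src->engine` is never set, record it where the old code was: `/* No ENGINE reference is taken here: provider-backed keys never carry one. */`. If EC_KEY_free still finishes `r->engine` (outside this hunk), a NULL engine on the copy has to be tolerated there; as far as I recall ENGINE_finish() accepts NULL, but it is worth confirming. ossl_ec_key_dup continues on both sides of the hunk.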
@@ -256,10 +256,7 @@ static int ecdsa_keygen_knownanswer_test(EC_KEY *eckey, BN_CTX *ctx, int len, ret = 0; OSSL_SELF_TEST *st = NULL; unsigned char bytes[512] = {0}; - EC_POINT *pub_key2 = EC_POINT_new(eckey->group); - - if (pub_key2 == NULL) - return 0; + EC_POINT *pub_key2 = NULL; st = OSSL_SELF_TEST_new(cb, cbarg); if (st == NULL) @@ -268,6 +265,9 @@ static int ecdsa_keygen_knownanswer_test(EC_KEY *eckey, BN_CTX *ctx, OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT_KAT, OSSL_SELF_TEST_DESC_PCT_ECDSA); + if ((pub_key2 = EC_POINT_new(eckey->group)) == NULL) + goto err; + /* pub_key = priv_key * G (where G is a point on the curve) */ if (!EC_POINT_mul(eckey->group, pub_key2, eckey->priv_key, NULL, NULL, ctx)) goto err; diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index c92b4dcb0a..7226e94026 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -21,6 +21,7 @@ #include #include #include "crypto/ec.h" +#include "crypto/bn.h" #include "internal/nelem.h" #include "ec_local.h" @@ -1261,10 +1262,10 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, if (!BN_sub(e, group->order, e)) goto err; /*- - * Exponent e is public. - * No need for scatter-gather or BN_FLG_CONSTTIME. + * Although the exponent is public we want the result to be + * fixed top. */ - if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data)) + if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data)) goto err; ret = 1; diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 9eb007cdf9..e9092a6c9d 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c 
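Review bot: Moving EC_POINT_new after OSSL_SELF_TEST_onbegin means an allocation failure now reaches `err` with the self-test already begun and `pub_key2 == NULL`; the `err` label is outside this hunk, so confirm it still calls OSSL_SELF_TEST_onend(st, ret) with ret = 0, so the test is reported as failed rather than left open, and that it frees `st`. EC_POINT_free(NULL) is a no-op, so the NULL point itself is safe on that path. A one-line comment at the allocation, `/* allocated after onbegin so that a failure is reported through the self-test callback */`, would make the purpose of the reordering explicit. ecdsa_keygen_knownanswer_test continues outside the hunk.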
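Review bot: The new comment says only that the result should be fixed top, not what that buys or what it costs the caller: the `r` returned by bn_mod_exp_mont_fixed_top has an unnormalized top, so every consumer must be fixed-top aware (no BN_is_zero/BN_cmp/BN_num_bits on it without a bn_correct_top first). Presumably this is the ECDSA nonce inverse, where the base `x` is secret and the word count of the output must not depend on it, but that is an inference from the function name and the matching ecdsa_ossl.c changes. I would expand the comment to `/* The exponent is public, but x is secret (the ECDSA nonce); keep r fixed-top so its word count does not leak through later operations. Callers must treat r as fixed-top. */`. The callers of ec_field_inverse_mod_ord are outside the hunk.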
@@ -85,7 +85,7 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) return; CRYPTO_DOWN_REF(&pre->references, &i); - REF_PRINT_COUNT("EC_ec", pre); + REF_PRINT_COUNT("EC_ec", i, pre); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index 0ad3394c82..886e5fd310 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -74,6 +74,10 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, unsigned char *buf, size_t len, BN_CTX *ctx) { + if (point == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } if (group->meth->point2oct == 0 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index 0da33799e4..6104e5cbfc 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -77,6 +77,11 @@ int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, { ECDSA_SIG *s; + if (sig == NULL && (kinv == NULL || r == NULL)) { + *siglen = ECDSA_size(eckey); + return 1; + } + s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); if (s == NULL) { *siglen = 0; @@ -97,6 +102,15 @@ int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen, BIGNUM *kinv = NULL, *r = NULL; int ret = 0; + if (sig == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (digestname == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST); + return 0; + } + *siglen = 0; if (!ecdsa_sign_setup(eckey, NULL, &kinv, &r, dgst, dlen, nonce_type, digestname, libctx, propq)) 
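Review bot: The new guard rejects a NULL `point`, but the very next statement still dereferences `group` (`group->meth->point2oct`), so a NULL group crashes exactly as before; if the intent is to make EC_POINT_point2oct tolerate NULL arguments, widen the check to `if (group == NULL || point == NULL) {`. Otherwise a short comment stating that `group` is a hard precondition would make the asymmetry look deliberate rather than accidental. EC_POINT_point2oct continues outside the hunk.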
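Review bot: The early return in ossl_ecdsa_sign reports success even when ECDSA_size() fails: ECDSA_size returns 0 when it cannot determine a size (e.g. a key with no group), and the new branch then stores `*siglen = 0` and returns 1, so a caller probing for the buffer size sees success with a zero length. Propagate the failure instead: `if ((*siglen = ECDSA_size(eckey)) == 0) return 0;` followed by `return 1;`. The dependence of the early return on `kinv`/`r` is also unexplained; presumably with a precomputed pair the exact DER length is wanted rather than the ECDSA_size() maximum, and a one-line comment would spare the next reader that guess. ossl_ecdsa_sign continues outside the hunk.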
@@ -106,7 +120,7 @@ int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen, if (s == NULL) goto end; - *siglen = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL); + *siglen = i2d_ECDSA_SIG(s, &sig); ECDSA_SIG_free(s); ret = 1; end: @@ -162,7 +176,11 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } - order = EC_GROUP_get0_order(group); + + if ((order = EC_GROUP_get0_order(group)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } /* Preallocate space */ order_bits = BN_num_bits(order); @@ -188,17 +206,17 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, libctx, propq); #endif } else { - res = BN_generate_dsa_nonce(k, order, priv_key, dgst, dlen, - ctx); + res = ossl_bn_gen_dsa_nonce_fixed_top(k, order, priv_key, + dgst, dlen, ctx); } } else { - res = BN_priv_rand_range_ex(k, order, 0, ctx); + res = ossl_bn_priv_rand_range_fixed_top(k, order, 0, ctx); } if (!res) { ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } - } while (BN_is_zero(k)); + } while (ossl_bn_is_word_fixed_top(k, 0)); /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { @@ -298,7 +316,11 @@ ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, goto err; } - order = EC_GROUP_get0_order(group); + if ((order = EC_GROUP_get0_order(group)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); + goto err; + } + i = BN_num_bits(order); /* * Need to truncate digest if it is too long: first truncate whole bytes. diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index debfdb3dc9..6485f46f71 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1264,7 +1264,7 @@ void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *p) return; CRYPTO_DOWN_REF(&p->references, &i); - REF_PRINT_COUNT("EC_nistp224", p); + REF_PRINT_COUNT("EC_nistp224", i, p); if (i > 0) return; REF_ASSERT_ISNT(i < 0); 
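Review bot: `k` is now produced by the fixed-top generators and tested with ossl_bn_is_word_fixed_top, so from this point on `k` carries an unnormalized top; the next consumer, `EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)`, and whatever follows outside the hunk (the k^-1 computation in particular) must all be fixed-top aware, otherwise a BN_num_bits or BN_is_zero on `k` either misbehaves or quietly reintroduces the length-dependent timing this change is removing. I would document the invariant at the loop: `/* k is deliberately left fixed-top: its word count must not depend on its value. Only use fixed-top-safe BN operations on it from here on. */`. The `order == NULL` check just above is fine, though EC_GROUP_get0_order returning NULL for a group that exists is unusual enough that ERR_R_EC_LIB may hide the real cause. ecdsa_sign_setup continues outside the hunk.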
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index d28306a6bd..2cf4212685 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1874,7 +1874,7 @@ void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre) return; CRYPTO_DOWN_REF(&pre->references, &i); - REF_PRINT_COUNT("EC_nistp256", pre); + REF_PRINT_COUNT("EC_nistp256", i, pre); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c index ff68f9cc7a..e0b5786bc1 100644 --- a/crypto/ec/ecp_nistp384.c +++ b/crypto/ec/ecp_nistp384.c @@ -252,6 +252,16 @@ static void felem_neg(felem out, const felem in) out[6] = two60m4 - in[6]; } +#if defined(ECP_NISTP384_ASM) +void p384_felem_diff64(felem out, const felem in); +void p384_felem_diff128(widefelem out, const widefelem in); +void p384_felem_diff_128_64(widefelem out, const felem in); + +# define felem_diff64 p384_felem_diff64 +# define felem_diff128 p384_felem_diff128 +# define felem_diff_128_64 p384_felem_diff_128_64 + +#else /*- * felem_diff64 subtracts |in| from |out| * On entry: @@ -369,6 +379,7 @@ static void felem_diff128(widefelem out, const widefelem in) for (i = 0; i < 2*NLIMBS-1; i++) out[i] -= in[i]; } +#endif /* ECP_NISTP384_ASM */ static void felem_square_ref(widefelem out, const felem in) { @@ -503,7 +514,7 @@ static void felem_mul_ref(widefelem out, const felem in1, const felem in2) * [3]: Y = 2^48 (acc[6] >> 48) * (Where a | b | c | d = (2^56)^3 a + (2^56)^2 b + (2^56) c + d) */ -static void felem_reduce(felem out, const widefelem in) +static void felem_reduce_ref(felem out, const widefelem in) { /* * In order to prevent underflow, we add a multiple of p before subtracting. 
@@ -682,8 +693,11 @@ static void (*felem_square_p)(widefelem out, const felem in) = static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) = felem_mul_wrapper; +static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref; + void p384_felem_square(widefelem out, const felem in); void p384_felem_mul(widefelem out, const felem in1, const felem in2); +void p384_felem_reduce(felem out, const widefelem in); # if defined(_ARCH_PPC64) # include "crypto/ppc_arch.h" @@ -695,6 +709,7 @@ static void felem_select(void) if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) { felem_square_p = p384_felem_square; felem_mul_p = p384_felem_mul; + felem_reduce_p = p384_felem_reduce; return; } @@ -703,6 +718,7 @@ static void felem_select(void) /* Default */ felem_square_p = felem_square_ref; felem_mul_p = felem_mul_ref; + felem_reduce_p = p384_felem_reduce; } static void felem_square_wrapper(widefelem out, const felem in) @@ -719,10 +735,17 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2) # define felem_square felem_square_p # define felem_mul felem_mul_p +# define felem_reduce felem_reduce_p + +void p384_felem_square_reduce(felem out, const felem in); +void p384_felem_mul_reduce(felem out, const felem in1, const felem in2); + +# define felem_square_reduce p384_felem_square_reduce +# define felem_mul_reduce p384_felem_mul_reduce #else # define felem_square felem_square_ref # define felem_mul felem_mul_ref -#endif +# define felem_reduce felem_reduce_ref static ossl_inline void felem_square_reduce(felem out, const felem in) { @@ -739,6 +762,7 @@ static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem felem_mul(tmp, in1, in2); felem_reduce(out, tmp); } +#endif /*- * felem_inv calculates |out| = |in|^{-1} 
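Review bot: `felem_square_reduce` and `felem_mul_reduce` are bound straight to p384_felem_square_reduce / p384_felem_mul_reduce, bypassing the runtime capability check that `felem_square`/`felem_mul` go through via felem_select(); if the `_p384_felem_*_core` routines those entry points call are the vmsumudm-based code that the removed Perl generated, a ppc64 build on a CPU without MADD300/ALTIVEC would take the default path for `felem_mul` but still execute VSX instructions through `felem_mul_reduce`. Either route the combined operations through function pointers selected alongside the others, or say at the `#define`s why the direct binding is safe. Separately, the default branch of felem_select() assigns `felem_reduce_p = p384_felem_reduce` rather than felem_reduce_ref; that looks deliberate, since the p384_felem_reduce body uses only base integer instructions, but it deserves a comment such as `/* p384_felem_reduce is plain GPR code and safe on every ppc64 */`, and it leaves the felem_reduce_ref initialiser of felem_reduce_p unused once felem_select() has run.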
@@ -1560,7 +1584,7 @@ void ossl_ec_nistp384_pre_comp_free(NISTP384_PRE_COMP *p) return; CRYPTO_DOWN_REF(&p->references, &i); - REF_PRINT_COUNT("ossl_ec_nistp384", p); + REF_PRINT_COUNT("ossl_ec_nistp384", i, p); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index db5a9dd5de..fe6836a147 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1766,7 +1766,7 @@ void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *p) return; CRYPTO_DOWN_REF(&p->references, &i); - REF_PRINT_COUNT("EC_nistp521", p); + REF_PRINT_COUNT("EC_nistp521", i, p); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 5760639a2e..827c5c4358 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1238,7 +1238,7 @@ void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre) return; CRYPTO_DOWN_REF(&pre->references, &i); - REF_PRINT_COUNT("EC_nistz256", pre); + REF_PRINT_COUNT("EC_nistz256", i, pre); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c index 2afa5c7063..d21c037841 100644 --- a/crypto/ec/ecx_backend.c +++ b/crypto/ec/ecx_backend.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecx_key.c b/crypto/ec/ecx_key.c index ba725eb573..aeaf5783d1 100644 --- a/crypto/ec/ecx_key.c +++ b/crypto/ec/ecx_key.c @@ -69,7 +69,7 @@ void ossl_ecx_key_free(ECX_KEY *key) return; CRYPTO_DOWN_REF(&key->references, &i); - REF_PRINT_COUNT("ECX_KEY", key); + REF_PRINT_COUNT("ECX_KEY", i, key); if (i > 0) return; REF_ASSERT_ISNT(i < 0); 
@@ -92,7 +92,7 @@ int ossl_ecx_key_up_ref(ECX_KEY *key) if (CRYPTO_UP_REF(&key->references, &i) <= 0) return 0; - REF_PRINT_COUNT("ECX_KEY", key); + REF_PRINT_COUNT("ECX_KEY", i, key); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c index 945b5ba148..d1e3aca7a2 100644 --- a/crypto/encode_decode/encoder_lib.c +++ b/crypto/encode_decode/encoder_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c index 29060c5f9d..ac36ffae5e 100644 --- a/crypto/encode_decode/encoder_pkey.c +++ b/crypto/encode_decode/encoder_pkey.c @@ -189,9 +189,13 @@ encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg) const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder); if (k_prov != e_prov) { + int selection = data->selection; + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; data->encoder_inst = encoder_inst; - if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, data->selection, + if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, selection, &encoder_import_cb, data)) return NULL; data->obj = data->constructed_obj; @@ -206,6 +210,7 @@ encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg) static void encoder_destruct_pkey(void *arg) { struct construct_data_st *data = arg; + int match = (data->obj == data->constructed_obj); if (data->encoder_inst != NULL) { OSSL_ENCODER *encoder = @@ -214,6 +219,8 @@ static void encoder_destruct_pkey(void *arg) encoder->free_object(data->constructed_obj); } data->constructed_obj = NULL; + if (match) + data->obj = NULL; } /* 
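Review bot: The widening of `selection` to include `OSSL_KEYMGMT_SELECT_PUBLIC_KEY` whenever the private key is requested carries no comment, and a later maintainer is likely to remove it as redundant. Presumably the target provider needs the public component to encode a private key it did not generate itself; if so, state it above the `if`: `/* Cross-provider export: a private key is only encodable together with its public part, so request both. */`. Note that `data->selection` itself is left unchanged, so the encoder still sees the caller's original selection — worth a word as well, since the local copy exists only for the export call.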
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index a2c151d64a..ee9471a1fd 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -243,6 +243,7 @@ ENGINE *ENGINE_get_first(void) int ref; if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) { + CRYPTO_THREAD_unlock(global_engine_lock); ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); return NULL; } @@ -269,6 +270,7 @@ ENGINE *ENGINE_get_last(void) int ref; if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) { + CRYPTO_THREAD_unlock(global_engine_lock); ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); return NULL; } @@ -294,6 +296,7 @@ ENGINE *ENGINE_get_next(ENGINE *e) /* Return a valid structural reference to the next ENGINE */ if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) { + CRYPTO_THREAD_unlock(global_engine_lock); ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); return NULL; } @@ -320,6 +323,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e) /* Return a valid structural reference to the next ENGINE */ if (!CRYPTO_UP_REF(&ret->struct_ref, &ref)) { + CRYPTO_THREAD_unlock(global_engine_lock); ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB); return NULL; } diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c index 6e6d6df35b..d18d837e62 100644 --- a/crypto/engine/eng_pkey.c +++ b/crypto/engine/eng_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
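Review bot: The new early return in `ENGINE_get_next` releases `global_engine_lock` but does not release the structural reference on the input `e`; if this function consumes that reference on the success path (the `ENGINE_free(e)` that would do so lies past the end of the hunk), a caller that treats NULL as "iteration finished" leaks `e` on this failure path. Either call `ENGINE_free(e)` after the unlock here, or document that `e` remains owned by the caller when NULL is returned. The same consideration applies to the `ENGINE_get_prev` hunk below, whose body is likewise cut off.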
diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c index 9dc3144bbf..6280965cc0 100644 --- a/crypto/engine/eng_table.c +++ b/crypto/engine/eng_table.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -215,9 +215,11 @@ ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid, f, l, nid); return NULL; } - ERR_set_mark(); + if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - goto end; + return NULL; + + ERR_set_mark(); /* * Check again inside the lock otherwise we could race against cleanup * operations. But don't worry about a debug printout diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index f1917136d8..f3802a05b5 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -76,4 +76,6 @@ R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +R SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +R SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1607ad835f..36388ca9f5 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -325,6 +325,8 @@ CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE:114:\ error reading messagedigest attribute CMS_R_ERROR_SETTING_KEY:115:error setting key CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo +CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT:196:\ + error unsupported static key agreement CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR:183:ess signing certid mismatch error CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter @@ -401,17 +403,15 @@ CMS_R_UNWRAP_FAILURE:180:unwrap failure CMS_R_VERIFICATION_FAILURE:158:verification failure CMS_R_WRAP_ERROR:159:wrap error COMP_R_BROTLI_DECODE_ERROR:102:brotli decode error -COMP_R_BROTLI_DEFLATE_ERROR:103:brotli deflate error -COMP_R_BROTLI_ENCODE_ERROR:106:brotli encode error -COMP_R_BROTLI_INFLATE_ERROR:104:brotli inflate error -COMP_R_BROTLI_NOT_SUPPORTED:105:brotli not supported +COMP_R_BROTLI_ENCODE_ERROR:103:brotli encode error +COMP_R_BROTLI_NOT_SUPPORTED:104:brotli not supported COMP_R_ZLIB_DEFLATE_ERROR:99:zlib deflate error COMP_R_ZLIB_INFLATE_ERROR:100:zlib inflate error COMP_R_ZLIB_NOT_SUPPORTED:101:zlib not supported -COMP_R_ZSTD_COMPRESS_ERROR:107:zstd compress error -COMP_R_ZSTD_DECODE_ERROR:108:zstd decode error -COMP_R_ZSTD_DECOMPRESS_ERROR:109:zstd decompress error -COMP_R_ZSTD_NOT_SUPPORTED:110:zstd not supported +COMP_R_ZSTD_COMPRESS_ERROR:105:zstd compress error +COMP_R_ZSTD_DECODE_ERROR:106:zstd decode error +COMP_R_ZSTD_DECOMPRESS_ERROR:107:zstd decompress error +COMP_R_ZSTD_NOT_SUPPORTED:108:zstd not supported CONF_R_ERROR_LOADING_DSO:110:error loading dso CONF_R_INVALID_PRAGMA:122:invalid pragma CONF_R_LIST_CANNOT_BE_NULL:115:list cannot be null 
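Review bot: The COMP_R_* entries are renumbered rather than merely pruned: `COMP_R_BROTLI_ENCODE_ERROR` moves from 106 to 103 and the `COMP_R_ZSTD_*` codes from 107–110 to 105–108. These values are presumably generated into the public comperr.h and are what applications compare against `ERR_GET_REASON()`, so if any release has already shipped the old numbers this silently breaks binary compatibility. Unless the old values never shipped, keep them and only delete the dead entries.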
@@ -1596,10 +1596,13 @@ SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:1060:tlsv1 alert export restriction SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK:1086:tlsv1 alert inappropriate fallback SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:1071:tlsv1 alert insufficient security SSL_R_TLSV1_ALERT_INTERNAL_ERROR:1080:tlsv1 alert internal error +SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL:1120:\ + tlsv1 alert no application protocol SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:1100:tlsv1 alert no renegotiation SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:1070:tlsv1 alert protocol version SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:1022:tlsv1 alert record overflow SSL_R_TLSV1_ALERT_UNKNOWN_CA:1048:tlsv1 alert unknown ca +SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY:1115:tlsv1 alert unknown psk identity SSL_R_TLSV1_ALERT_USER_CANCELLED:1090:tlsv1 alert user cancelled SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE:1114:tlsv1 bad certificate hash value SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE:1113:\ diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index 0612e68ee6..ff174470da 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -346,7 +346,7 @@ int OSSL_ESS_check_signing_certs(const ESS_SIGNING_CERT *ss, int i, ret; if (require_signing_cert && ss == NULL && ssv2 == NULL) { - ERR_raise(ERR_LIB_CMS, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE); + ERR_raise(ERR_LIB_ESS, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE); return -1; } if (n_v1 == 0 || n_v2 == 0) { diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index fc6eec7764..ffe4b5bb02 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 54e589054c..ddc2f89843 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -1,5 +1,5 @@ /* - * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1208,6 +1208,8 @@ static int fix_ecdh_cofactor(enum state state, /* The initial value for |ctx->action_type| must not be zero. */ if (!ossl_assert(ctx->action_type != NONE)) return 0; + } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == NONE) { + ctx->action_type = GET; } if ((ret = default_check(state, translation, ctx)) <= 0) @@ -1233,6 +1235,8 @@ static int fix_ecdh_cofactor(enum state state, } } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) { ctx->p1 = -2; + } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) { + ctx->p1 = ret; } return ret; @@ -2845,7 +2849,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, fixup_args_fn *fixup = default_fixup_args; int ret; - tmpl.action_type = action_type; + ctx.action_type = tmpl.action_type = action_type; tmpl.keytype1 = tmpl.keytype2 = keytype; tmpl.optype = optype; tmpl.param_key = params->key; 
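Review bot: The new `ctx->p1 = ret;` in the POST_PARAMS_TO_CTRL/GET branch of fix_ecdh_cofactor overwrites the ctrl result that `p1` carried into the fixup, and the caller afterwards reads `ctx.p1` back as the overall return value; without a comment the reason — the cofactor ctrl legitimately answers 0 for "mode off", which would otherwise read as failure — is not obvious. Suggest: `/* The ctrl returns the cofactor mode (0 or 1); report the fixup status instead so mode 0 is not mistaken for failure. */`. Whether `ret` at this point is the status of `default_fixup_args` is not visible in the hunk — confirm. The function begins in the previous hunk.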
@@ -2854,7 +2858,6 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, if (translation != NULL) { if (translation->fixup_args != NULL) fixup = translation->fixup_args; - ctx.action_type = translation->action_type; ctx.ctrl_cmd = translation->ctrl_num; } ctx.pctx = pctx; @@ -2869,8 +2872,14 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, /* * In POST, we pass the return value as p1, allowing the fixup_args * function to put it to good use, or maybe affect it. + * + * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented + * as return positive on Success and 0 or negative on falure. There + * maybe parameters (e.g. ecdh_cofactor), which actually return 0 + * as success value. That is why we do POST_PARAMS_TO_CTRL for 0 + * value as well */ - if (ret > 0) { + if (ret >= 0) { ctx.p1 = ret; fixup(POST_PARAMS_TO_CTRL, translation, &ctx); ret = ctx.p1; @@ -2886,11 +2895,15 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params) { + if (ctx->keymgmt != NULL) + return 0; return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, (OSSL_PARAM *)params); } int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) { + if (ctx->keymgmt != NULL) + return 0; return evp_pkey_ctx_setget_params_to_ctrl(ctx, GET, params); } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index ab670a8f49..3e835c9a76 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
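Review bot: Changing the guard to `if (ret >= 0)` means a ctrl that genuinely fails with 0 now also runs the POST fixup, and the following `ret = ctx.p1` lets any fixup that writes a positive `p1` on POST turn that failure into success; only `fix_ecdh_cofactor` is known to need this, so either narrow the condition or audit the other fixups for POST-time writes to `p1`. The new comment also has typos: `falure` → `failure`, `There maybe parameters` → `There may be parameters`, and `documented as return positive on Success` → `documented to return a positive value on success`.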
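Review bot: The new `if (ctx->keymgmt != NULL) return 0;` guards in `evp_pkey_ctx_set_params_to_ctrl` and `evp_pkey_ctx_get_params_to_ctrl` fail silently, so a caller is left with a 0 and an empty error queue. Raise a reason before returning, e.g. `ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);` as pmeth_lib.c does when an operation is not applicable, or add a comment explaining why a provider-backed context reaching the legacy ctrl translation is an expected, non-error condition.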
@@ -425,7 +425,7 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) /* Code below to be removed when legacy support is dropped. */ legacy: - return ctx->update(ctx, data, count); + return ctx->update != NULL ? ctx->update(ctx, data, count) : 0; } /* The caller can assume that this removes any secret data from the context */ diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 0d61f4e49f..10abb7d52c 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index ddc6be40b6..2067c4062f 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index a4ba76cd83..7ef94e44eb 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index e539a76a78..be95668c7e 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c 
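Review bot: The legacy path of `EVP_DigestUpdate` now returns 0 when `ctx->update` is NULL but raises no error, so the caller sees a bare failure with nothing on the error queue. Prefer a guarded return that records the reason, e.g. `if (ctx->update == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); return 0; }` — assuming that reason code is available in this file; its includes are outside the hunk.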
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 35c302ff7b..8c1ff35cf3 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 9153ecfaab..079de2f61c 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -40,7 +40,8 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen, + PKCS5_v2_PBKDF2_keyivgen_ex}, {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, NID_rc4, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index d9eed1cea5..70c2f441b9 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -431,7 +431,13 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer, */ if (provkey == NULL) goto legacy; - return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey); + ret = ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey); + if (ret <= 0) + return ret; + EVP_PKEY_free(ctx->peerkey); + ctx->peerkey = peer; + EVP_PKEY_up_ref(peer); + return 1; legacy: #ifdef FIPS_MODULE 
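Review bot: `EVP_PKEY_free(ctx->peerkey)` runs before `EVP_PKEY_up_ref(peer)`, so if a caller re-sets the key that is already the peer (`peer == ctx->peerkey`) while the context holds the last reference, the key is freed and then up-ref'd — a use-after-free; the `EVP_PKEY_up_ref` return value is also ignored. A caller normally holds its own reference so the window is narrow, but the safe order costs nothing: `if (!EVP_PKEY_up_ref(peer)) return 0; EVP_PKEY_free(ctx->peerkey); ctx->peerkey = peer;`. Note the provider's `set_peer` has already succeeded at that point, so a comment that the context keeps the old `peerkey` on this unlikely failure would help.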
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index 7029e8a0a4..9ed0ba3cae 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index f8f74925f8..e3bec60abc 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 3a979f4bd4..74c7ac97db 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -690,13 +690,17 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, { EVP_PKEY_CTX *pctx = ctx->pctx; + if (pctx == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return -1; + } + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); return 0; } - if (pctx != NULL - && pctx->operation == EVP_PKEY_OP_VERIFYCTX + if (pctx->operation == EVP_PKEY_OP_VERIFYCTX && pctx->op.sig.algctx != NULL && pctx->op.sig.signature != NULL) { if (pctx->op.sig.signature->digest_verify != NULL) { 
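Review bot: The new NULL-`pctx` guard in `EVP_DigestVerify` returns -1 while the finalised-context guard immediately below returns 0 for what is equally an API-misuse condition; callers that distinguish "signature invalid" (0) from "error" (negative) get different answers for the two. Either convention is defensible, but choose one and document it, e.g. `/* -1: usage error (no EVP_PKEY_CTX attached), not a verification failure */` above the new check. The function body continues in the next hunk.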
@@ -707,8 +711,8 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, } } else { /* legacy */ - if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL) - return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); + if (pctx->pmeth != NULL && pctx->pmeth->digestverify != NULL) + return pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); } if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) diff --git a/crypto/evp/names.c b/crypto/evp/names.c index 19c03a3085..7ff850f997 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -78,6 +78,7 @@ const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, const EVP_CIPHER *cp; OSSL_NAMEMAP *namemap; int id; + int do_retry = 1; if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)) return NULL; @@ -94,9 +95,21 @@ const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, */ namemap = ossl_namemap_stored(libctx); + retry: id = ossl_namemap_name2num(namemap, name); - if (id == 0) - return NULL; + if (id == 0) { + EVP_CIPHER *fetched_cipher; + + /* Try to fetch it because the name might not be known yet. */ + if (!do_retry) + return NULL; + do_retry = 0; + ERR_set_mark(); + fetched_cipher = EVP_CIPHER_fetch(libctx, name, NULL); + EVP_CIPHER_free(fetched_cipher); + ERR_pop_to_mark(); + goto retry; + } if (!ossl_namemap_doall_names(namemap, id, cipher_from_name, &cp)) return NULL; @@ -124,6 +137,7 @@ const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, const char *name) const EVP_MD *dp; OSSL_NAMEMAP *namemap; int id; + int do_retry = 1; if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)) return NULL; 
@@ -140,9 +154,21 @@ const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, const char *name) */ namemap = ossl_namemap_stored(libctx); + retry: id = ossl_namemap_name2num(namemap, name); - if (id == 0) - return NULL; + if (id == 0) { + EVP_MD *fetched_md; + + /* Try to fetch it because the name might not be known yet. */ + if (!do_retry) + return NULL; + do_retry = 0; + ERR_set_mark(); + fetched_md = EVP_MD_fetch(libctx, name, NULL); + EVP_MD_free(fetched_md); + ERR_pop_to_mark(); + goto retry; + } if (!ossl_namemap_doall_names(namemap, id, digest_from_name, &dp)) return NULL; diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index f7893d453d..aaba871705 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1672,7 +1672,7 @@ int EVP_PKEY_up_ref(EVP_PKEY *pkey) if (CRYPTO_UP_REF(&pkey->references, &i) <= 0) return 0; - REF_PRINT_COUNT("EVP_PKEY", pkey); + REF_PRINT_COUNT("EVP_PKEY", i, pkey); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } @@ -1793,7 +1793,7 @@ void EVP_PKEY_free(EVP_PKEY *x) return; CRYPTO_DOWN_REF(&x->references, &i); - REF_PRINT_COUNT("EVP_PKEY", x); + REF_PRINT_COUNT("EVP_PKEY", i, x); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 170f6ebcb0..5ff38a5d6a 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -695,8 +695,9 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params) ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx, params); break; -#ifndef FIPS_MODULE case EVP_PKEY_STATE_UNKNOWN: + break; +#ifndef FIPS_MODULE case EVP_PKEY_STATE_LEGACY: return evp_pkey_ctx_set_params_to_ctrl(ctx, params); #endif @@ -733,8 +734,9 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx, params); break; -#ifndef FIPS_MODULE case EVP_PKEY_STATE_UNKNOWN: + break; +#ifndef FIPS_MODULE case EVP_PKEY_STATE_LEGACY: return evp_pkey_ctx_get_params_to_ctrl(ctx, params); #endif 
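Review bot: `case EVP_PKEY_STATE_UNKNOWN: break;` now leaves the switch for a context with no active operation, so the result is whatever statement follows the switch — and that is outside the hunk. Confirm it yields 0 rather than falling through to a success value, and consider raising there, e.g. `ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);` if that reason is available, so the caller can tell this from a provider rejecting the parameters. The same applies to the `EVP_PKEY_CTX_get_params` hunk below.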
@@ -1002,6 +1004,78 @@ static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback, return EVP_PKEY_CTX_set_params(ctx, octet_string_params); } +static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback, + const char *param, int op, int ctrl, + const unsigned char *data, + int datalen) +{ + OSSL_PARAM os_params[2]; + const OSSL_PARAM *gettables; + unsigned char *info = NULL; + size_t info_len = 0; + size_t info_alloc = 0; + int ret = 0; + + if (ctx == NULL || (ctx->operation & op) == 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + /* Code below to be removed when legacy support is dropped. */ + if (fallback) + return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, datalen, (void *)(data)); + /* end of legacy support */ + + if (datalen < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } else if (datalen == 0) { + return 1; + } + + /* Check for older provider that doesn't support getting this parameter */ + gettables = EVP_PKEY_CTX_gettable_params(ctx); + if (gettables == NULL || OSSL_PARAM_locate_const(gettables, param) == NULL) + return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, + data, datalen); + + /* Get the original value length */ + os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0); + os_params[1] = OSSL_PARAM_construct_end(); + + if (!EVP_PKEY_CTX_get_params(ctx, os_params)) + return 0; + + /* This should not happen but check to be sure. 
*/ + if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED) + return 0; + + info_alloc = os_params[0].return_size + datalen; + if (info_alloc == 0) + return 0; + info = OPENSSL_zalloc(info_alloc); + if (info == NULL) + return 0; + info_len = os_params[0].return_size; + + os_params[0] = OSSL_PARAM_construct_octet_string(param, info, info_alloc); + + /* if we have data, then go get it */ + if (info_len > 0) { + if (!EVP_PKEY_CTX_get_params(ctx, os_params)) + goto error; + } + + /* Copy the input data */ + memcpy(&info[info_len], data, datalen); + ret = EVP_PKEY_CTX_set_params(ctx, os_params); + + error: + OPENSSL_clear_free(info, info_alloc); + return ret; +} + int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *ctx, const unsigned char *sec, int seclen) { @@ -1052,7 +1126,7 @@ int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx, int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx, const unsigned char *info, int infolen) { - return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, + return evp_pkey_ctx_add1_octet_string(ctx, ctx->op.kex.algctx == NULL, OSSL_KDF_PARAM_INFO, EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_INFO, diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index e274c88f6b..c05eb78b51 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c index ef272e1369..8fd40bb611 100644 --- a/crypto/hpke/hpke.c +++ b/crypto/hpke/hpke.c 
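Review bot: When the provider does not advertise `param` as gettable, `evp_pkey_ctx_add1_octet_string` silently falls back to `evp_pkey_ctx_set1_octet_string`, turning an append into a replace; a caller of `EVP_PKEY_CTX_add1_hkdf_info` that chains several info fragments against such a provider keeps only the last one with no error reported. Raise an error there, or at minimum document the degraded behaviour in the function's header comment. The `return 0` after the first `EVP_PKEY_CTX_get_params` and on `OSSL_PARAM_UNMODIFIED` likewise set no reason, and since `datalen > 0` is guaranteed by the checks above, the `info_alloc == 0` test is dead and deserves a comment or removal.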
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -842,6 +842,7 @@ OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role, err: EVP_CIPHER_free(ctx->aead_ciph); + OPENSSL_free(ctx->propq); OPENSSL_free(ctx); return NULL; } diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index ebcaa8a111..f508d5b1f4 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -928,6 +928,20 @@ int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx, #ifndef OPENSSL_NO_SOCK +static const char *explict_or_default_port(const char *hostserv, const char *port, int use_ssl) +{ + if (port == NULL) { + char *service = NULL; + + if (!BIO_parse_hostserv(hostserv, NULL, &service, BIO_PARSE_PRIO_HOST)) + return NULL; + if (service == NULL) /* implicit port */ + port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; + OPENSSL_free(service); + } /* otherwise take the explicitly given port */ + return port; +} + /* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */ static BIO *http_new_bio(const char *server /* optionally includes ":port" */, const char *server_port /* explicit server port */, 
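Review bot: `explict_or_default_port` returns NULL both when the host string carries its own port and when `BIO_parse_hostserv` fails, so `http_new_bio` (in the next hunk) cannot distinguish a parse error from the implicit-port case and proceeds to `BIO_new_connect` with an error already on the queue. Either propagate the failure distinctly (a separate out-parameter, or have the caller check the error queue) or document the conflation in a comment above the function. The name also has a typo: `explict_or_default_port` → `explicit_or_default_port`, here and at its call site.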
@@ -947,8 +961,7 @@ static BIO *http_new_bio(const char *server /* optionally includes ":port" */, port = proxy_port; } - if (port == NULL && strchr(host, ':') == NULL) - port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; + port = explict_or_default_port(host, port, use_ssl); cbio = BIO_new_connect(host /* optionally includes ":port" */); if (cbio == NULL) @@ -1035,8 +1048,6 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port, } if (port != NULL && *port == '\0') port = NULL; - if (port == NULL && strchr(server, ':') == NULL) - port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; proxy = OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl); if (proxy != NULL && !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */, diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index cd0e25c85e..e453778104 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,13 @@ #include /* for BIO_snprintf() */ #include #include "internal/cryptlib.h" /* for ossl_assert() */ +#ifndef OPENSSL_NO_SOCK +# include "internal/bio_addr.h" /* for NI_MAXHOST */ +#endif +#ifndef NI_MAXHOST +# define NI_MAXHOST 255 +#endif +#include "crypto/ctype.h" /* for ossl_isspace() */ static void init_pstring(char **pstr) { 
@@ -251,10 +258,17 @@ static int use_proxy(const char *no_proxy, const char *server) { size_t sl; const char *found = NULL; + char host[NI_MAXHOST]; if (!ossl_assert(server != NULL)) return 0; sl = strlen(server); + if (sl >= 2 && sl < sizeof(host) + 2 && server[0] == '[' && server[sl - 1] == ']') { + /* strip leading '[' and trailing ']' from escaped IPv6 address */ + sl -= 2; + strncpy(host, server + 1, sl); + server = host; + } /* * using environment variable names, both lowercase and uppercase variants, @@ -268,8 +282,8 @@ static int use_proxy(const char *no_proxy, const char *server) if (no_proxy != NULL) found = strstr(no_proxy, server); while (found != NULL - && ((found != no_proxy && found[-1] != ' ' && found[-1] != ',') - || (found[sl] != '\0' && found[sl] != ' ' && found[sl] != ','))) + && ((found != no_proxy && !ossl_isspace(found[-1]) && found[-1] != ',') + || (found[sl] != '\0' && !ossl_isspace(found[sl]) && found[sl] != ','))) found = strstr(found + 1, server); return found == NULL; } @@ -285,7 +299,7 @@ const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy, if (proxy == NULL) proxy = ossl_safe_getenv(use_ssl ? "https_proxy" : "http_proxy"); if (proxy == NULL) - proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY); + proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTPS_PROXY : OPENSSL_HTTP_PROXY); if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server)) return NULL; diff --git a/crypto/init.c b/crypto/init.c index 40be312b8a..07bcf83952 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/initthread.c b/crypto/initthread.c index e4d830d7fc..27b460009e 100644 
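Review bot: `strncpy(host, server + 1, sl)` copies exactly `sl` bytes and writes no terminator, and `host` is an uninitialised stack array, so the `strstr(no_proxy, server)` that follows reads past the copied address into whatever is on the stack — an out-of-bounds read, and a spurious no_proxy match in the best case. The size check already guarantees room for the NUL (after `sl -= 2`, `sl <= sizeof(host) - 1`), so add `host[sl] = '\0';` immediately after the `strncpy`, or use `memcpy(host, server + 1, sl); host[sl] = '\0';` since the length is known. use_proxy continues outside this hunk.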
--- a/crypto/initthread.c +++ b/crypto/initthread.c @@ -266,9 +266,8 @@ void *ossl_thread_event_ctx_new(OSSL_LIB_CTX *libctx) if (tlocal == NULL) return NULL; - if (!CRYPTO_THREAD_init_local(tlocal, NULL)) { - goto err; - } + if (!CRYPTO_THREAD_init_local(tlocal, NULL)) + goto deinit; hands = OPENSSL_zalloc(sizeof(*hands)); if (hands == NULL) @@ -290,12 +289,15 @@ void *ossl_thread_event_ctx_new(OSSL_LIB_CTX *libctx) return tlocal; err: OPENSSL_free(hands); + CRYPTO_THREAD_cleanup_local(tlocal); + deinit: OPENSSL_free(tlocal); return NULL; } void ossl_thread_event_ctx_free(void *tlocal) { + CRYPTO_THREAD_cleanup_local(tlocal); OPENSSL_free(tlocal); } diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 8d7693d749..e0234ccbff 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/lhash/lhash_local.h b/crypto/lhash/lhash_local.h index 5d9a0cb0ec..8da63b9add 100644 --- a/crypto/lhash/lhash_local.h +++ b/crypto/lhash/lhash_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/loongarch64cpuid.pl b/crypto/loongarch64cpuid.pl index 8a84caca92..5483f8cb24 100644 --- a/crypto/loongarch64cpuid.pl +++ b/crypto/loongarch64cpuid.pl 
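Review bot: `ossl_thread_event_ctx_free` now calls `CRYPTO_THREAD_cleanup_local(tlocal)` before `OPENSSL_free(tlocal)`; `OPENSSL_free` tolerates NULL, but it is not visible here whether `CRYPTO_THREAD_cleanup_local` does, and OpenSSL `*_free` routines are conventionally NULL-safe. Add `if (tlocal == NULL) return;` at the top, or confirm no caller can pass NULL and say so in a comment.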
@@ -16,10 +16,9 @@ ($vr0,$vr1,$vr2,$vr3,$vr4,$vr5,$vr6,$vr7,$vr8,$vr9,$vr10,$vr11,$vr12,$vr13,$vr14,$vr15,$vr16,$vr17,$vr18,$vr19)=map("\$vr$_",(0..19)); ($fp)=map("\$r$_",(22)); - -for (@ARGV) { $output=$_ if (/\w[\w\-]*\.\w+$/); } -open STDOUT,">$output"; -while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} +# $output is the last argument if it looks like a file (it has an extension) +my $output; +$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; open STDOUT,">$output"; { diff --git a/crypto/md5/asm/md5-loongarch64.pl b/crypto/md5/asm/md5-loongarch64.pl index 61f8749a3a..b15787a389 100755 --- a/crypto/md5/asm/md5-loongarch64.pl +++ b/crypto/md5/asm/md5-loongarch64.pl @@ -18,8 +18,9 @@ my ($zero,$ra,$tp,$sp,$fp)=map("\$r$_",(0..3,22)); my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$r$_",(4..11)); my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$x)=map("\$r$_",(12..21)); +# $output is the last argument if it looks like a file (it has an extension) my $output; -for (@ARGV) { $output=$_ if (/\w[\w\-]*\.\w+$/); } +$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; open STDOUT,">$output"; # round1_step() does: diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index de9137c927..366fe11215 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -485,7 +485,11 @@ static void gcm_get_funcs(struct gcm_funcs_st *ctx) #elif defined(GHASH_ASM_ARM) /* ARM defaults */ ctx->gmult = gcm_gmult_4bit; +# if !defined(OPENSSL_SMALL_FOOTPRINT) ctx->ghash = gcm_ghash_4bit; +# else + ctx->ghash = NULL; +# endif # ifdef PMULL_CAPABLE if (PMULL_CAPABLE) { ctx->ginit = (gcm_init_fn)gcm_init_v8; 
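Review bot: Under OPENSSL_SMALL_FOOTPRINT the ARM default in gcm_get_funcs now sets `ctx->ghash = NULL`, so every consumer of ctx->ghash must accept a NULL bulk function; those dispatch sites are outside the hunk, so I cannot confirm they do. A comment on the `# else` branch would document the contract, e.g. `/* no bulk ghash in small-footprint builds; callers must fall back to gmult */`, assuming that fallback is what the consumers already implement.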
diff --git a/crypto/o_str.c b/crypto/o_str.c index ce60f3b95c..dfac215ac3 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -225,12 +225,14 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength, int has_sep = (sep != CH_ZERO); size_t len = has_sep ? buflen * 3 : 1 + buflen * 2; + if (len == 0) + ++len; if (strlength != NULL) *strlength = len; if (str == NULL) return 1; - if (str_n < (unsigned long)len) { + if (str_n < len) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER); return 0; } @@ -242,7 +244,7 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength, if (has_sep) *q++ = sep; } - if (has_sep) + if (has_sep && buflen > 0) --q; *q = CH_ZERO; diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 30a63bbbd9..8bc4fa8ec2 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -263,7 +263,7 @@ int OBJ_new_nid(int num) static int ossl_obj_add_object(const ASN1_OBJECT *obj, int lock) { ASN1_OBJECT *o = NULL; - ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop; + ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop[4]; int i; if ((o = OBJ_dup(obj)) == NULL) 
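Review bot: The new `if (len == 0) ++len;` in buf2hexstr_sep deserves a comment: with the arithmetic above it, `len` is zero only when a separator is used and `buflen` is 0, and the increment reserves the byte for the terminating CH_ZERO written at the end of the function. Suggest `/* empty input with a separator: still need room for the terminator */`. The companion `if (has_sep && buflen > 0) --q;` in the next hunk is the other half of the same empty-input fix.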
@@ -294,9 +294,21 @@ static int ossl_obj_add_object(const ASN1_OBJECT *obj, int lock) if (ao[i] != NULL) { ao[i]->type = i; ao[i]->obj = o; - aop = lh_ADDED_OBJ_insert(added, ao[i]); - /* memory leak, but should not normally matter */ - OPENSSL_free(aop); + aop[i] = lh_ADDED_OBJ_retrieve(added, ao[i]); + if (aop[i] != NULL) + aop[i]->type = -1; + (void)lh_ADDED_OBJ_insert(added, ao[i]); + if (lh_ADDED_OBJ_error(added)) { + if (aop[i] != NULL) + aop[i]->type = i; + while (i-- > ADDED_DATA) { + lh_ADDED_OBJ_delete(added, ao[i]); + if (aop[i] != NULL) + aop[i]->type = i; + } + ERR_raise(ERR_LIB_OBJ, ERR_R_CRYPTO_LIB); + goto err; + } } } o->flags &= diff --git a/crypto/params.c b/crypto/params.c index 425c402fd5..c109cabd42 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -469,9 +469,6 @@ int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val) int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val) { - uint32_t u32; - unsigned int shift; - if (p == NULL) { err_null_argument; return 0; @@ -511,6 +508,9 @@ int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val) return general_set_int(p, &val, sizeof(val)); } else if (p->data_type == OSSL_PARAM_REAL) { #ifndef OPENSSL_SYS_UEFI + uint32_t u32; + unsigned int shift; + p->return_size = sizeof(double); if (p->data == NULL) return 1; @@ -624,8 +624,6 @@ int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val) int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val) { - unsigned int shift; - if (p == NULL) { err_null_argument; return 0; 
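Review bot: The `aop[i]->type = -1` sentinel in ossl_obj_add_object needs a comment explaining the intent, which I read as: the previously registered entry is kept in the hash but given a type no lookup will match, so the following insert adds rather than replaces it, and the type is restored on the error path. Something like `/* de-type the old entry so insert() adds instead of replacing; restored on error */` would do. Note the unwind loop `while (i-- > ADDED_DATA)` depends on the enclosing for-loop starting at ADDED_DATA, which is outside the hunk.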
@@ -670,6 +668,8 @@ int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val) return general_set_uint(p, &val, sizeof(val)); } else if (p->data_type == OSSL_PARAM_REAL) { #ifndef OPENSSL_SYS_UEFI + unsigned int shift; + p->return_size = sizeof(double); if (p->data == NULL) return 1; diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c index 1591029817..e603dfec64 100644 --- a/crypto/params_from_text.c +++ b/crypto/params_from_text.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 1592e351ed..6e84f0afd0 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -173,7 +173,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, X509_SIG *p8 = NULL; int klen; EVP_PKEY *ret; - char psbuf[PEM_BUFSIZE]; + char psbuf[PEM_BUFSIZE + 1]; /* reserve one byte at the end */ p8 = d2i_PKCS8_bio(bp, NULL); if (p8 == NULL) @@ -182,7 +182,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen < 0) { + if (klen < 0 || klen > PEM_BUFSIZE) { ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); return NULL; diff --git a/crypto/perlasm/riscv.pm b/crypto/perlasm/riscv.pm index 9fdee77793..2148d249bf 100644 --- a/crypto/perlasm/riscv.pm +++ b/crypto/perlasm/riscv.pm 
@@ -2,7 +2,7 @@ # This file is dual-licensed, meaning that you can use it under your # choice of either of the following two licenses: # -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You can obtain # a copy in the file LICENSE in the source distribution or at @@ -384,6 +384,36 @@ sub rev8 { return ".word ".($template | ($rs << 15) | ($rd << 7)); } +sub roriw { + # Encoding for roriw rd, rs1, shamt instruction on RV64 + # XXXXXXX_ shamt _ rs1 _XXX_ rd _XXXXXXX + my $template = 0b0110000_00000_00000_101_00000_0011011; + my $rd = read_reg shift; + my $rs1 = read_reg shift; + my $shamt = shift; + return ".word ".($template | ($shamt << 20) | ($rs1 << 15) | ($rd << 7)); +} + +sub maxu { + # Encoding for maxu rd, rs1, rs2 instruction on RV64 + # XXXXXXX_ rs2 _ rs1 _XXX_ rd _XXXXXXX + my $template = 0b0000101_00000_00000_111_00000_0110011; + my $rd = read_reg shift; + my $rs1 = read_reg shift; + my $rs2 = read_reg shift; + return ".word ".($template | ($rs2 << 20) | ($rs1 << 15) | ($rd << 7)); +} + +sub minu { + # Encoding for minu rd, rs1, rs2 instruction on RV64 + # XXXXXXX_ rs2 _ rs1 _XXX_ rd _XXXXXXX + my $template = 0b0000101_00000_00000_101_00000_0110011; + my $rd = read_reg shift; + my $rs1 = read_reg shift; + my $rs2 = read_reg shift; + return ".word ".($template | ($rs2 << 20) | ($rs1 << 15) | ($rd << 7)); +} + # Vector instructions sub vadd_vv { diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl index 76a2727aba..295c6312cc 100644 --- a/crypto/perlasm/sparcv9_modes.pl +++ b/crypto/perlasm/sparcv9_modes.pl 
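Review bot: roriw feeds `$shamt` straight into `$shamt << 20` without a range check, so a value outside 0..31 silently corrupts the funct7 bits and encodes a different instruction; the other encoders in this file validate registers through read_reg but have no equivalent for immediates. Suggest `die "roriw: shamt $shamt out of range" if $shamt < 0 || $shamt > 31;` before the return. maxu and minu have only register operands and need no such check.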
@@ -46,8 +46,8 @@ $::code.=<<___; .align 32 ${alg}${bits}_t4_cbc_encrypt: save %sp, -$::frame, %sp - cmp $len, 0 - be,pn $::size_t_cc, .L${bits}_cbc_enc_abort + cmp $len, 15 + bleu,pn $::size_t_cc, .L${bits}_cbc_enc_abort srln $len, 0, $len ! needed on v8+, "nop" on v9 sub $inp, $out, $blk_init ! $inp!=$out ___ @@ -264,8 +264,8 @@ $::code.=<<___; .align 32 ${alg}${bits}_t4_cbc_decrypt: save %sp, -$::frame, %sp - cmp $len, 0 - be,pn $::size_t_cc, .L${bits}_cbc_dec_abort + cmp $len, 15 + bleu,pn $::size_t_cc, .L${bits}_cbc_dec_abort srln $len, 0, $len ! needed on v8+, "nop" on v9 sub $inp, $out, $blk_init ! $inp!=$out ___ diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 98ace97ae8..b2635ff1f6 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 2e40dd93c2..2f430af327 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -246,19 +246,24 @@ PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags, /* Make a PKCS#8 structure */ if ((p8 = EVP_PKEY2PKCS8(key)) == NULL) goto err; - if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) + if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) { + PKCS8_PRIV_KEY_INFO_free(p8); goto err; + } if (nid_key != -1) { + /* This call does not take ownership of p8 */ bag = PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(nid_key, pass, -1, NULL, 0, iter, p8, ctx, propq); - PKCS8_PRIV_KEY_INFO_free(p8); - } else + } else { bag = PKCS12_SAFEBAG_create0_p8inf(p8); + if (bag != NULL) + p8 = NULL; /* bag takes ownership of p8 */ + } + /* This does not need to be in the error path */ + if (p8 != NULL) + PKCS8_PRIV_KEY_INFO_free(p8); - if (!bag) - goto err; - - if (!pkcs12_add_bag(pbags, bag)) + if (bag == NULL || !pkcs12_add_bag(pbags, bag)) goto err; return bag; diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 498632a0bc..3fa9c9c8cc 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index ebf602703f..4091e61d9d 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index c2ece54ca3..78be2b5a8c 100644 --- a/crypto/pkcs12/p12_npas.c 
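Review bot: The comment `/* This does not need to be in the error path */` in PKCS12_add_key_ex states a fact without the reason, which the surrounding lines establish: at that point p8 is either still owned here (encrypted bag, or create0_p8inf failed) or has been handed to bag (p8 set to NULL), so freeing it unconditionally before the bag check keeps err: free of p8 handling. Suggest rewording to `/* p8 is ours unless the bag took it; free it here so err: need not */`.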
+++ b/crypto/pkcs12/p12_npas.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index c753a0880b..d15a316723 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1018,6 +1018,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, STACK_OF(X509_ATTRIBUTE) *sk; BIO *btmp; EVP_PKEY *pkey; + unsigned char *abuf = NULL; const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7); OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx); const char *propq = ossl_pkcs7_ctx_get0_propq(ctx); @@ -1067,7 +1068,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, sk = si->auth_attr; if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { - unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; + unsigned char md_dat[EVP_MAX_MD_SIZE]; unsigned int md_len; int alen; ASN1_OCTET_STRING *message_digest; @@ -1109,8 +1110,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) goto err; - - OPENSSL_free(abuf); } os = si->enc_digest; @@ -1128,6 +1127,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } ret = 1; err: + OPENSSL_free(abuf); EVP_MD_CTX_free(mdc_tmp); EVP_MD_free(fetched_md); return ret; 
@@ -1234,36 +1234,29 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value) { X509_ATTRIBUTE *attr = NULL; + int i, n; if (*sk == NULL) { if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL) return 0; - new_attrib: - if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL) - return 0; - if (!sk_X509_ATTRIBUTE_push(*sk, attr)) { - X509_ATTRIBUTE_free(attr); - return 0; - } - } else { - int i; - - for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { - attr = sk_X509_ATTRIBUTE_value(*sk, i); - if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) { - X509_ATTRIBUTE_free(attr); - attr = X509_ATTRIBUTE_create(nid, atrtype, value); - if (attr == NULL) - return 0; - if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) { - X509_ATTRIBUTE_free(attr); - return 0; - } - goto end; - } - } - goto new_attrib; } + n = sk_X509_ATTRIBUTE_num(*sk); + for (i = 0; i < n; i++) { + attr = sk_X509_ATTRIBUTE_value(*sk, i); + if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) + goto end; + } + if (!sk_X509_ATTRIBUTE_push(*sk, NULL)) + return 0; + end: + attr = X509_ATTRIBUTE_create(nid, atrtype, value); + if (attr == NULL) { + if (i == n) + sk_X509_ATTRIBUTE_pop(*sk); + return 0; + } + X509_ATTRIBUTE_free(sk_X509_ATTRIBUTE_value(*sk, i)); + (void) sk_X509_ATTRIBUTE_set(*sk, i, attr); return 1; } diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 7be2928542..6a82389f51 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -28,6 +28,11 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) /* NOTE(emilia): does not support detached digested data. */ case PKCS7_OP_SET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { + if (p7->d.sign == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + ret = 0; + break; + } ret = p7->detached = (int)larg; if (ret && PKCS7_type_is_data(p7->d.sign->contents)) { ASN1_OCTET_STRING *os; 
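Review bot: The control flow after `end:` in add_attribute relies on an invariant that is not stated: `i` is either the index of the existing attribute with this nid, or `n`, in which case a NULL placeholder was just pushed at index n. A comment at the label, `/* i == n: a NULL slot was pushed above; otherwise slot i holds the old attribute */`, would make the `X509_ATTRIBUTE_free(sk_X509_ATTRIBUTE_value(*sk, i))` line obviously safe (free of NULL for the new slot). The `(void)` cast on sk_X509_ATTRIBUTE_set also deserves a word, since that call presumably cannot fail for an index already in range.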
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 8228315eea..d23f7a869f 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index d3ba19ba29..747c417718 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl index b98beefa18..673ea62ec3 100755 --- a/crypto/poly1305/asm/poly1305-armv4.pl +++ b/crypto/poly1305/asm/poly1305-armv4.pl @@ -1240,6 +1240,7 @@ $code.=<<___; .align 2 #if __ARM_MAX_ARCH__>=7 .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl index 2e601bb9c2..9f9b27cac3 100755 --- a/crypto/poly1305/asm/poly1305-ppc.pl +++ b/crypto/poly1305/asm/poly1305-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/poly1305/poly1305_ieee754.c b/crypto/poly1305/poly1305_ieee754.c index fd48adc98f..57a08aa248 100644 --- a/crypto/poly1305/poly1305_ieee754.c 
+++ b/crypto/poly1305/poly1305_ieee754.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/property/property.c b/crypto/property/property.c index c551c825b1..55e990bdbf 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -96,6 +96,8 @@ typedef struct { DEFINE_SPARSE_ARRAY_OF(ALGORITHM); +DEFINE_STACK_OF(ALGORITHM) + typedef struct ossl_global_properties_st { OSSL_PROPERTY_LIST *list; #ifndef FIPS_MODULE 
@@ -461,33 +463,45 @@ static void alg_do_one(ALGORITHM *alg, IMPLEMENTATION *impl, fn(alg->nid, impl->method.method, fnarg); } -struct alg_do_each_data_st { - void (*fn)(int id, void *method, void *fnarg); - void *fnarg; -}; - -static void alg_do_each(ossl_uintmax_t idx, ALGORITHM *alg, void *arg) +static void alg_copy(ossl_uintmax_t idx, ALGORITHM *alg, void *arg) { - struct alg_do_each_data_st *data = arg; - int i, end = sk_IMPLEMENTATION_num(alg->impls); + STACK_OF(ALGORITHM) *newalg = arg; - for (i = 0; i < end; i++) { - IMPLEMENTATION *impl = sk_IMPLEMENTATION_value(alg->impls, i); - - alg_do_one(alg, impl, data->fn, data->fnarg); - } + (void)sk_ALGORITHM_push(newalg, alg); } void ossl_method_store_do_all(OSSL_METHOD_STORE *store, void (*fn)(int id, void *method, void *fnarg), void *fnarg) { - struct alg_do_each_data_st data; + int i, j; + int numalgs, numimps; + STACK_OF(ALGORITHM) *tmpalgs; + ALGORITHM *alg; - data.fn = fn; - data.fnarg = fnarg; - if (store != NULL) - ossl_sa_ALGORITHM_doall_arg(store->algs, alg_do_each, &data); + if (store != NULL) { + + if (!ossl_property_read_lock(store)) + return; + + tmpalgs = sk_ALGORITHM_new_reserve(NULL, + ossl_sa_ALGORITHM_num(store->algs)); + if (tmpalgs == NULL) { + ossl_property_unlock(store); + return; + } + + ossl_sa_ALGORITHM_doall_arg(store->algs, alg_copy, tmpalgs); + ossl_property_unlock(store); + numalgs = sk_ALGORITHM_num(tmpalgs); + for (i = 0; i < numalgs; i++) { + alg = sk_ALGORITHM_value(tmpalgs, i); + numimps = sk_IMPLEMENTATION_num(alg->impls); + for (j = 0; j < numimps; j++) + alg_do_one(alg, sk_IMPLEMENTATION_value(alg->impls, j), fn, fnarg); + } + sk_ALGORITHM_free(tmpalgs); + } } int ossl_method_store_fetch(OSSL_METHOD_STORE *store, 
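Review bot: ossl_method_store_do_all drops the read lock before iterating `alg->impls` and calling fn, so the snapshot only protects the walk of the sparse array; the ALGORITHM pointers and their impls stacks are used unlocked afterwards and remain valid only if the store is not mutated concurrently. Presumably the lock is released so that fn may re-enter the store without deadlocking; that reasoning should be stated in a comment above `ossl_property_unlock(store);`, e.g. `/* release before calling fn: callbacks may fetch from this store */`. There is also a stray blank line directly after `if (store != NULL) {`.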
@@ -643,10 +657,13 @@ static void impl_cache_flush_one_alg(ossl_uintmax_t idx, ALGORITHM *alg, void *v) { IMPL_CACHE_FLUSH *state = (IMPL_CACHE_FLUSH *)v; + unsigned long orig_down_load = lh_QUERY_get_down_load(alg->cache); state->cache = alg->cache; + lh_QUERY_set_down_load(alg->cache, 0); lh_QUERY_doall_IMPL_CACHE_FLUSH(state->cache, &impl_cache_flush_cache, state); + lh_QUERY_set_down_load(alg->cache, orig_down_load); } static void ossl_method_cache_flush_some(OSSL_METHOD_STORE *store) diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index 48788b00c1..dbe766d39f 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 57dacd76f7..297b281a39 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -446,13 +446,11 @@ static OSSL_PROVIDER *provider_new(const char *name, OPENSSL_free(prov); return NULL; } -#ifndef HAVE_ATOMICS if ((prov->activatecnt_lock = CRYPTO_THREAD_lock_new()) == NULL) { ossl_provider_free(prov); ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB); return NULL; } -#endif if ((prov->opbits_lock = CRYPTO_THREAD_lock_new()) == NULL || (prov->flag_lock = CRYPTO_THREAD_lock_new()) == NULL 
@@ -566,8 +564,10 @@ OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, if (params[i].data_type != OSSL_PARAM_UTF8_STRING) continue; if (ossl_provider_info_add_parameter(&template, params[i].key, - (char *)params[i].data) <= 0) + (char *)params[i].data) <= 0) { + sk_INFOPAIR_pop_free(template.parameters, infopair_free); return NULL; + } } } @@ -580,6 +580,11 @@ OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, if (prov == NULL) return NULL; + if (!ossl_provider_set_module_path(prov, template.path)) { + ossl_provider_free(prov); + return NULL; + } + prov->libctx = libctx; #ifndef FIPS_MODULE prov->error_lib = ERR_get_next_error_library(); @@ -742,9 +747,7 @@ void ossl_provider_free(OSSL_PROVIDER *prov) sk_INFOPAIR_pop_free(prov->parameters, infopair_free); CRYPTO_THREAD_lock_free(prov->opbits_lock); CRYPTO_THREAD_lock_free(prov->flag_lock); -#ifndef HAVE_ATOMICS CRYPTO_THREAD_lock_free(prov->activatecnt_lock); -#endif CRYPTO_FREE_REF(&prov->refcnt); OPENSSL_free(prov); } diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 14999540ab..7933fb209e 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -767,6 +767,9 @@ EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx) return NULL; ctx = ossl_lib_ctx_get_concrete(ctx); + + if (ctx == NULL) + return NULL; /* * If the private is also NULL then this is the first time we've * used this thread. @@ -800,6 +803,9 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx) return NULL; ctx = ossl_lib_ctx_get_concrete(ctx); + + if (ctx == NULL) + return NULL; /* * If the public is also NULL then this is the first time we've * used this thread. 
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 31edd4f560..9337b36dc8 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ # include #endif +#include "internal/e_os.h" #include "internal/cryptlib.h" #include @@ -208,8 +209,16 @@ int RAND_write_file(const char *file) * should be restrictive from the start */ int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600); - if (fd != -1) + + if (fd != -1) { out = fdopen(fd, "wb"); + if (out == NULL) { + close(fd); + ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE, + "Filename=%s", file); + return -1; + } + } } #endif diff --git a/crypto/rcu_internal.h b/crypto/rcu_internal.h index 206f6ed577..fb718580ef 100644 --- a/crypto/rcu_internal.h +++ b/crypto/rcu_internal.h @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/riscv32cpuid.pl b/crypto/riscv32cpuid.pl index 20694e7de7..5ee7df0ea6 100644 --- a/crypto/riscv32cpuid.pl +++ b/crypto/riscv32cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -84,5 +84,22 @@ OPENSSL_cleanse: ___ } +{ +my ($ret) = ('a0'); +$code .= <<___; +################################################################################ +# size_t riscv_vlen_asm(void) +# Return VLEN (i.e. the length of a vector register in bits). +.p2align 3 +.globl riscv_vlen_asm +.type riscv_vlen_asm,\@function +riscv_vlen_asm: + csrr $ret, vlenb + slli $ret, $ret, 3 + ret +.size riscv_vlen_asm,.-riscv_vlen_asm +___ +} + print $code; close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/riscvcap.c b/crypto/riscvcap.c index db75c21b28..3bd914ff20 100644 --- a/crypto/riscvcap.c +++ b/crypto/riscvcap.c @@ -42,7 +42,7 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) static void strtoupper(char *str) { for (char *x = str; *x; ++x) - *x = toupper(*x); + *x = toupper((unsigned char)*x); } /* parse_env() parses a RISC-V architecture string. An example of such a string diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 1a9b783a9b..36ee283370 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index f67e1152bb..79e66823ff 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
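Review bot: riscv_vlen_asm reads `vlenb`, which is only defined when the vector extension is present; on hardware without it the csrr traps, so the function must only be called after the V capability has been established. Suggest extending the header comment: `# Must only be called when the V extension is available (vlenb traps otherwise).` The C-side caller is not in this diff, so I cannot confirm it checks first.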
@@ -147,6 +147,7 @@ int ossl_rsa_multiprime_derive(RSA *rsa, int bits, int primes, goto err; if (!sk_BIGNUM_insert(pplist, tmp, sk_BIGNUM_num(pplist))) goto err; + tmp = NULL; break; default: factor = sk_BIGNUM_value(factors, i); @@ -158,6 +159,7 @@ int ossl_rsa_multiprime_derive(RSA *rsa, int bits, int primes, goto err; if (!sk_BIGNUM_insert(pplist, tmp, sk_BIGNUM_num(pplist))) goto err; + tmp = NULL; break; } } @@ -182,6 +184,7 @@ int ossl_rsa_multiprime_derive(RSA *rsa, int bits, int primes, goto err; if (!sk_BIGNUM_insert(pdlist, dval, sk_BIGNUM_num(pdlist))) goto err; + dval = NULL; } /* Calculate dmp1, dmq1 and additional exponents */ @@ -209,12 +212,11 @@ int ossl_rsa_multiprime_derive(RSA *rsa, int bits, int primes, newexp = BN_new(); if (newexp == NULL) goto err; - if (!BN_mod(newexp, rsa->d, newpd, ctx)) { - BN_free(newexp); + if (!BN_mod(newexp, rsa->d, newpd, ctx)) goto err; - } if (!sk_BIGNUM_insert(exps, newexp, sk_BIGNUM_num(exps))) goto err; + newexp = NULL; } /* Calculate iqmp and additional coefficients */ @@ -235,16 +237,19 @@ int ossl_rsa_multiprime_derive(RSA *rsa, int bits, int primes, if (newcoeff == NULL) goto err; if (BN_mod_inverse(newcoeff, newpp, sk_BIGNUM_value(factors, i), - ctx) == NULL) { - BN_free(newcoeff); + ctx) == NULL) goto err; - } if (!sk_BIGNUM_insert(coeffs, newcoeff, sk_BIGNUM_num(coeffs))) goto err; + newcoeff = NULL; } ret = 1; err: + BN_free(newcoeff); + BN_free(newexp); + BN_free(dval); + BN_free(tmp); sk_BIGNUM_pop_free(pplist, BN_free); sk_BIGNUM_pop_free(pdlist, BN_free); BN_CTX_end(ctx); diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 1bd1a0a7bd..eb9c44b85a 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c 
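Review bot: The new `err:` block in ossl_rsa_multiprime_derive frees `newcoeff`, `newexp`, `dval` and `tmp` unconditionally, so all four must be initialised to NULL at their declarations, which are outside this hunk and not visible here; if any of them is declared uninitialised, an early `goto err` frees a garbage pointer. Worth a quick check against the declarations. The `tmp = NULL;`, `dval = NULL;`, `newexp = NULL;` and `newcoeff = NULL;` lines after each successful insert correctly mark the ownership transfer to the stacks.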
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -141,7 +141,7 @@ void RSA_free(RSA *r) return; CRYPTO_DOWN_REF(&r->references, &i); - REF_PRINT_COUNT("RSA", r); + REF_PRINT_COUNT("RSA", i, r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -188,7 +188,7 @@ int RSA_up_ref(RSA *r) if (CRYPTO_UP_REF(&r->references, &i) <= 0) return 0; - REF_PRINT_COUNT("RSA", r); + REF_PRINT_COUNT("RSA", i, r); REF_ASSERT_ISNT(i < 2); return i > 1 ? 1 : 0; } diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index f0084aeab4..db9eb2a1df 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index b9030440c4..4b5943b6bb 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -184,7 +184,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, mdlen = EVP_MD_get_size(md); - if (tlen <= 0 || flen <= 0) + if (tlen <= 0 || flen <= 0 || mdlen <= 0) return -1; /* * |num| is the length of the modulus; |flen| is the length of the 
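Review bot: The new `mdlen <= 0` guard in `RSA_padding_check_PKCS1_OAEP_mgf1` returns -1 without queuing an error, so a caller cannot tell a digest with no fixed output size apart from bad `tlen`/`flen` arguments. Since the existing guard is also silent this is consistent, but a non-positive `EVP_MD_get_size()` is a misconfiguration rather than a length mismatch, and raising it separately, e.g. `if (mdlen <= 0) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST); return -1; }`, would make failures diagnosable. The function body continues past the hunk.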
diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c index 9c855a7978..b9aafdfe69 100644 --- a/crypto/rsa/rsa_sp800_56b_check.c +++ b/crypto/rsa/rsa_sp800_56b_check.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index 1e5cff56b9..b0d9104b79 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h index fdc682af06..6ac40b92fb 100644 --- a/crypto/s390x_arch.h +++ b/crypto/s390x_arch.h @@ -74,17 +74,21 @@ struct OPENSSL_s390xcap_st { unsigned long long kdsa[2]; }; -#if defined(__GNUC__) && defined(__linux) -__attribute__ ((visibility("hidden"))) -#endif +# if defined(__GNUC__) && defined(__linux) +__attribute__((visibility("hidden"))) +# endif extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; -#ifdef S390X_MOD_EXP -# if defined(__GNUC__) && defined(__linux) -__attribute__ ((visibility("hidden"))) -# endif +# ifdef S390X_MOD_EXP +# if defined(__GNUC__) && defined(__linux) +__attribute__((visibility("hidden"))) +# endif extern int OPENSSL_s390xcex; -#endif +# if defined(__GNUC__) && defined(__linux) +__attribute__((visibility("hidden"))) +# endif +extern int OPENSSL_s390xcex_nodev; +# endif /* Max number of 64-bit words currently returned by STFLE */ # define S390X_STFLE_MAX 3 
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index 7721b5c801..82b2654fb5 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -86,8 +86,8 @@ void OPENSSL_s390x_functions(void); struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; #ifdef S390X_MOD_EXP -static int probe_cex(void); int OPENSSL_s390xcex; +int OPENSSL_s390xcex_nodev; #if defined(__GNUC__) __attribute__ ((visibility("hidden"))) @@ -217,45 +217,12 @@ void OPENSSL_cpuid_setup(void) OPENSSL_s390xcex = -1; } else { OPENSSL_s390xcex = open("/dev/z90crypt", O_RDWR | O_CLOEXEC); - if (probe_cex() == 1) - OPENSSL_atexit(OPENSSL_s390x_cleanup); + OPENSSL_atexit(OPENSSL_s390x_cleanup); } + OPENSSL_s390xcex_nodev = 0; #endif } -#ifdef S390X_MOD_EXP -static int probe_cex(void) -{ - struct ica_rsa_modexpo me; - const unsigned char inval[16] = { - 0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,2 - }; - const unsigned char modulus[16] = { - 0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,3 - }; - unsigned char res[16]; - int olderrno; - int rc = 1; - - me.inputdata = (unsigned char *)inval; - me.inputdatalength = sizeof(inval); - me.outputdata = (unsigned char *)res; - me.outputdatalength = sizeof(res); - me.b_key = (unsigned char *)inval; - me.n_modulus = (unsigned char *)modulus; - olderrno = errno; - if (ioctl(OPENSSL_s390xcex, ICARSAMODEXPO, &me) == -1) { - (void)close(OPENSSL_s390xcex); - OPENSSL_s390xcex = -1; - rc = 0; - } - errno = olderrno; - return rc; -} -#endif - static int parse_env(struct OPENSSL_s390xcap_st *cap, int *cex) { /*- diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl index 2832c5b530..b3a8ec6941 100644 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ b/crypto/sha/asm/sha1-armv4-large.pl @@ -708,6 +708,7 @@ ___ $code.=<<___; #if __ARM_MAX_ARCH__>=7 .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index 8bac84b1a8..feb1f26109 100644 --- a/crypto/sha/asm/sha256-armv4.pl 
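Review bot: With `probe_cex()` removed, `OPENSSL_atexit(OPENSSL_s390x_cleanup)` in `OPENSSL_cpuid_setup` is now registered even when `open("/dev/z90crypt", ...)` failed and `OPENSSL_s390xcex` is -1, whereas previously the handler was only installed after a successful probe; `OPENSSL_s390x_cleanup` (outside the hunk) must therefore tolerate a -1 descriptor, i.e. not call `close()` on it. The return value of `OPENSSL_atexit()` is still ignored, so a failed registration silently keeps the descriptor open until process exit. `OPENSSL_s390xcex_nodev` is cleared here but never set anywhere in this diff, so presumably the mod-exp consumer sets it once the device proves unusable; a one-line comment at the definition in the @@ -86 hunk, such as `/* set once the CEX device has been found unusable; checked by the mod-exp path */`, would document that contract.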
+++ b/crypto/sha/asm/sha256-armv4.pl @@ -694,6 +694,7 @@ $code.=<<___; .align 2 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index c8b8110671..9aa310ffd0 100644 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -661,6 +661,7 @@ $code.=<<___; .align 2 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ diff --git a/crypto/sleep.c b/crypto/sleep.c index d9c5b35b21..73467fb859 100644 --- a/crypto/sleep.c +++ b/crypto/sleep.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,25 +22,17 @@ void OSSL_sleep(uint64_t millis) ts.tv_sec = (long int) (millis / 1000); ts.tv_nsec = (long int) (millis % 1000) * 1000000ul; nanosleep(&ts, NULL); -# elif defined(__TANDEM) -# if !defined(_REENTRANT) +# elif defined(__TANDEM) && !defined(_REENTRANT) # include /* HPNS does not support usleep for non threaded apps */ PROCESS_DELAY_(millis * 1000); -# elif defined(_SPT_MODEL_) -# include -# include - - usleep(millis * 1000); -# else - usleep(millis * 1000); -# endif # else unsigned int s = (unsigned int)(millis / 1000); unsigned int us = (unsigned int)((millis % 1000) * 1000); - sleep(s); + if (s > 0) + sleep(s); usleep(us); # endif } diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index b2d048cb59..b7303af522 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -54,6 +54,18 @@ static size_t ec_field_size(const EC_GROUP *group) return BN_num_bytes(p); } +static int is_all_zeros(const unsigned char *msg, size_t msglen) +{ + unsigned char re = 0; + size_t i; + + for (i = 0; i < msglen; i++) { + re |= msg[i]; + } + + return re == 0 ? 1 : 0; +} + int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size) { @@ -168,6 +180,11 @@ int ossl_sm2_encrypt(const EC_KEY *key, memset(ciphertext_buf, 0, *ciphertext_len); + msg_mask = OPENSSL_zalloc(msg_len); + if (msg_mask == NULL) + goto done; + +again: if (!BN_priv_rand_range_ex(k, order, 0, ctx)) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; @@ -187,10 +204,6 @@ int ossl_sm2_encrypt(const EC_KEY *key, goto done; } - msg_mask = OPENSSL_zalloc(msg_len); - if (msg_mask == NULL) - goto done; - /* X9.63 with no salt happens to match the KDF used in SM2 */ if (!ossl_ecdh_kdf_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest, libctx, propq)) { @@ -198,6 +211,11 @@ int ossl_sm2_encrypt(const EC_KEY *key, goto done; } + if (is_all_zeros(msg_mask, msg_len)) { + memset(x2y2, 0, 2 * field_size); + goto again; + } + for (i = 0; i != msg_len; ++i) msg_mask[i] ^= msg[i]; @@ -349,6 +367,11 @@ int ossl_sm2_decrypt(const EC_KEY *key, goto done; } + if (is_all_zeros(msg_mask, msg_len)) { + ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING); + goto done; + } + for (i = 0; i != msg_len; ++i) ptext_buf[i] = C2[i] ^ msg_mask[i]; diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index ca76128a24..a542fc2ceb 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c 
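Review bot: The `again:` retry in `ossl_sm2_encrypt` carries no explanation and no bound, so a reader cannot tell it is the standard's "if t is all zeros, go back and pick a new k" step; an all-zero mask would XOR to the plaintext itself, which is why it must be rejected. Suggest a comment above the label, e.g. `/* GB/T 32918.4 step A5: an all-zero KDF output would leave the message in the clear, so draw a fresh k */`, and noting that the loop is unbounded because the probability of repeating is negligible. `is_all_zeros` folds every byte with `|=` rather than returning early, which keeps the check data-independent in time, and rejecting the same condition on decrypt with `SM2_R_INVALID_ENCODING` is the consistent counterpart. The work between `again:` and the KDF call (computing C1 and x2y2) is outside the hunk.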
@@ -1,5 +1,5 @@ /* - * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -28,6 +28,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out, { int rc = 0; const EC_GROUP *group = EC_KEY_get0_group(key); + const EC_POINT *pubkey = EC_KEY_get0_public_key(key); BN_CTX *ctx = NULL; EVP_MD_CTX *hash = NULL; BIGNUM *p = NULL; @@ -42,6 +43,12 @@ int ossl_sm2_compute_z_digest(uint8_t *out, uint16_t entl = 0; uint8_t e_byte = 0; + /* SM2 Signatures require a public key, check for it */ + if (pubkey == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER); + goto done; + } + hash = EVP_MD_CTX_new(); if (hash == NULL) { ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); @@ -119,7 +126,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out, || BN_bn2binpad(yG, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) || !EC_POINT_get_affine_coordinates(group, - EC_KEY_get0_public_key(key), + pubkey, xA, yA, ctx) || BN_bn2binpad(xA, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) @@ -331,12 +338,10 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); ctx = BN_CTX_new_ex(libctx); - pt = EC_POINT_new(group); - if (ctx == NULL || pt == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); + if (ctx == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); goto done; } - BN_CTX_start(ctx); t = BN_CTX_get(ctx); x1 = BN_CTX_get(ctx); @@ -345,6 +350,12 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, goto done; } + pt = EC_POINT_new(group); + if (pt == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); + goto done; + } + /* * B1: verify whether r' in [1,n-1], verification failed if not * B2: verify whether s' in [1,n-1], verification failed if not 
@@ -450,6 +461,11 @@ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen, int sigleni; int ret = -1; + if (sig == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER); + goto done; + } + e = BN_bin2bn(dgst, dgstlen, NULL); if (e == NULL) { ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); @@ -462,7 +478,7 @@ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen, goto done; } - sigleni = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL); + sigleni = i2d_ECDSA_SIG(s, &sig); if (sigleni < 0) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; diff --git a/crypto/sm3/sm3_local.h b/crypto/sm3/sm3_local.h index d2845f9678..897418aee1 100644 --- a/crypto/sm3/sm3_local.h +++ b/crypto/sm3/sm3_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -39,7 +39,7 @@ # define HWSM3_CAPABLE (OPENSSL_armcap_P & ARMV8_SM3) void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num); # endif -# if defined(__riscv) && __riscv_xlen == 64 +# if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 # include "crypto/riscv_arch.h" # define HWSM3_CAPABLE 1 void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num); diff --git a/crypto/sm4/asm/vpsm4-armv8.pl b/crypto/sm4/asm/vpsm4-armv8.pl index 35b86cd68f..78357676a5 100755 --- a/crypto/sm4/asm/vpsm4-armv8.pl +++ b/crypto/sm4/asm/vpsm4-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
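Review bot: Rejecting `sig == NULL` at the top of `ossl_sm2_internal_sign` removes the length-query mode the old `i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL)` supported; any caller that passed NULL to size its buffer first now gets -1 with `ERR_R_PASSED_NULL_PARAMETER`. If that is intended, the function's header comment or declaration (outside the hunk) should state that the output buffer is mandatory; otherwise keep the conditional. Note also that `i2d_ECDSA_SIG(s, &sig)` advances the local `sig` on success, so it must not be reused after the call (pre-existing).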
diff --git a/crypto/sm4/asm/vpsm4_ex-armv8.pl b/crypto/sm4/asm/vpsm4_ex-armv8.pl
index de6ee6110d..f4bcdbad1b 100644
--- a/crypto/sm4/asm/vpsm4_ex-armv8.pl
+++ b/crypto/sm4/asm/vpsm4_ex-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index e89f58b200..4274af3c72 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -214,6 +214,8 @@ int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id,
 {
 OPENSSL_free(vinfo->id);
 OPENSSL_free(vinfo->info);
+ vinfo->id = NULL;
+ vinfo->info = NULL;
 if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
 return 0;
 return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 05a37ed87d..e813989624 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 05a8044f89..0b55123d81 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
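Review bot: Clearing `vinfo->id` and `vinfo->info` immediately after freeing them removes the dangling pointers that a failed `OPENSSL_strdup()` used to leave behind, but the resulting failure contract of `SRP_user_pwd_set1_ids` is now that both fields are NULL (the old `info` is gone even when only `id` failed), which callers may not expect. A short comment above the function would pin that down: `/* On failure both fields are left NULL; the previous values are not preserved. */`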
@@ -149,8 +149,8 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, ossl_pw_passphrase_callback_dec, &pwdata); } else { - loader_ctx = fetched_loader->p_open(provctx, uri); - if (loader_ctx != NULL && + if (fetched_loader->p_open != NULL && + (loader_ctx = fetched_loader->p_open(provctx, uri)) != NULL && !loader_set_params(fetched_loader, loader_ctx, params, propq)) { (void)fetched_loader->p_close(loader_ctx); @@ -1037,6 +1037,7 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp); if (cbio == NULL + || fetched_loader->p_attach == NULL || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) { OSSL_STORE_LOADER_free(fetched_loader); fetched_loader = NULL; diff --git a/crypto/thread/build.info b/crypto/thread/build.info index 191e25e20d..b3bada0ed3 100644 --- a/crypto/thread/build.info +++ b/crypto/thread/build.info @@ -14,7 +14,7 @@ ELSE IF[{- !$disabled{quic} -}] SOURCE[../../libssl]=$THREADS_ARCH ENDIF - $THREADS=api.c + $THREADS=api.c arch/thread_win.c ENDIF SOURCE[../../libcrypto]=$THREADS diff --git a/crypto/threads_none.c b/crypto/threads_none.c index eb7b036fce..66ef99f497 100644 --- a/crypto/threads_none.c +++ b/crypto/threads_none.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,8 @@ struct rcu_lock_st { struct rcu_cb_item *cb_items; }; -CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers) +CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, + ossl_unused OSSL_LIB_CTX *ctx) { struct rcu_lock_st *lock; diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index 1c8b345959..cb31326f47 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c 
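Review bot: When `fetched_loader->p_open` is NULL, the `else` branch of `OSSL_STORE_open_ex` now leaves `loader_ctx` NULL without raising anything; whether the code after the hunk turns that into a reported error is not visible here, so a loader lacking `p_open` should probably get an explicit `ERR_raise(ERR_LIB_OSSL_STORE, ...)` with a suitable reason rather than falling into the generic failure path. The same applies to the `p_attach == NULL` test added to `OSSL_STORE_attach` in the @@ -1037 hunk on this line. Folding the assignment into the `&&` chain is compact but the earlier two-statement form read more clearly; a matter of style only.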
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,7 +29,7 @@ * * See: https://github.com/llvm/llvm-project/commit/a4c2602b714e6c6edb98164550a5ae829b2de760 */ -#define BROKEN_CLANG_ATOMICS +# define BROKEN_CLANG_ATOMICS #endif #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) @@ -37,7 +37,7 @@ # if defined(OPENSSL_SYS_UNIX) # include # include -#endif +# endif # include 
@@ -45,71 +45,90 @@ # define USE_RWLOCK # endif -# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS) -# define ATOMIC_LOAD_N(p,o) __atomic_load_n(p, o) -# define ATOMIC_STORE_N(p, v, o) __atomic_store_n(p, v, o) -# define ATOMIC_STORE(p, v, o) __atomic_store(p, v, o) -# define ATOMIC_EXCHANGE_N(p, v, o) __atomic_exchange_n(p, v, o) -# define ATOMIC_ADD_FETCH(p, v, o) __atomic_add_fetch(p, v, o) -# define ATOMIC_FETCH_ADD(p, v, o) __atomic_fetch_add(p, v, o) -# define ATOMIC_SUB_FETCH(p, v, o) __atomic_sub_fetch(p, v, o) -# define ATOMIC_AND_FETCH(p, m, o) __atomic_and_fetch(p, m, o) -# define ATOMIC_OR_FETCH(p, m, o) __atomic_or_fetch(p, m, o) -#else +/* + * For all GNU/clang atomic builtins, we also need fallbacks, to cover all + * other compilers. + + * Unfortunately, we can't do that with some "generic type", because there's no + * guarantee that the chosen generic type is large enough to cover all cases. + * Therefore, we implement fallbacks for each applicable type, with composed + * names that include the type they handle. + * + * (an anecdote: we previously tried to use |void *| as the generic type, with + * the thought that the pointer itself is the largest type. However, this is + * not true on 32-bit pointer platforms, as a |uint64_t| is twice as large) + * + * All applicable ATOMIC_ macros take the intended type as first parameter, so + * they can map to the correct fallback function. In the GNU/clang case, that + * parameter is simply ignored. + */ + +/* + * Internal types used with the ATOMIC_ macros, to make it possible to compose + * fallback function names. 
+ */ +typedef void *pvoid; + +# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS) \ + && !defined(USE_ATOMIC_FALLBACKS) +# define ATOMIC_LOAD_N(t, p, o) __atomic_load_n(p, o) +# define ATOMIC_STORE_N(t, p, v, o) __atomic_store_n(p, v, o) +# define ATOMIC_STORE(t, p, v, o) __atomic_store(p, v, o) +# define ATOMIC_ADD_FETCH(p, v, o) __atomic_add_fetch(p, v, o) +# define ATOMIC_SUB_FETCH(p, v, o) __atomic_sub_fetch(p, v, o) +# else static pthread_mutex_t atomic_sim_lock = PTHREAD_MUTEX_INITIALIZER; -static inline void *fallback_atomic_load_n(void **p) -{ - void *ret; +# define IMPL_fallback_atomic_load_n(t) \ + static ossl_inline t fallback_atomic_load_n_##t(t *p) \ + { \ + t ret; \ + \ + pthread_mutex_lock(&atomic_sim_lock); \ + ret = *p; \ + pthread_mutex_unlock(&atomic_sim_lock); \ + return ret; \ + } +IMPL_fallback_atomic_load_n(uint32_t) +IMPL_fallback_atomic_load_n(uint64_t) +IMPL_fallback_atomic_load_n(pvoid) - pthread_mutex_lock(&atomic_sim_lock); - ret = *(void **)p; - pthread_mutex_unlock(&atomic_sim_lock); - return ret; -} +# define ATOMIC_LOAD_N(t, p, o) fallback_atomic_load_n_##t(p) -# define ATOMIC_LOAD_N(p, o) fallback_atomic_load_n((void **)p) +# define IMPL_fallback_atomic_store_n(t) \ + static ossl_inline t fallback_atomic_store_n_##t(t *p, t v) \ + { \ + t ret; \ + \ + pthread_mutex_lock(&atomic_sim_lock); \ + ret = *p; \ + *p = v; \ + pthread_mutex_unlock(&atomic_sim_lock); \ + return ret; \ + } +IMPL_fallback_atomic_store_n(uint32_t) -static inline void *fallback_atomic_store_n(void **p, void *v) -{ - void *ret; +# define ATOMIC_STORE_N(t, p, v, o) fallback_atomic_store_n_##t(p, v) - pthread_mutex_lock(&atomic_sim_lock); - ret = *p; - *p = v; - pthread_mutex_unlock(&atomic_sim_lock); - return ret; -} +# define IMPL_fallback_atomic_store(t) \ + static ossl_inline void fallback_atomic_store_##t(t *p, t *v) \ + { \ + pthread_mutex_lock(&atomic_sim_lock); \ + *p = *v; \ + pthread_mutex_unlock(&atomic_sim_lock); \ + } 
+IMPL_fallback_atomic_store(pvoid) -# define ATOMIC_STORE_N(p, v, o) fallback_atomic_store_n((void **)p, (void *)v) +# define ATOMIC_STORE(t, p, v, o) fallback_atomic_store_##t(p, v) -static inline void fallback_atomic_store(void **p, void **v) -{ - void *ret; +/* + * The fallbacks that follow don't need any per type implementation, as + * they are designed for uint64_t only. If there comes a time when multiple + * types need to be covered, it's relatively easy to refactor them the same + * way as the fallbacks above. + */ - pthread_mutex_lock(&atomic_sim_lock); - ret = *p; - *p = *v; - v = ret; - pthread_mutex_unlock(&atomic_sim_lock); -} - -# define ATOMIC_STORE(p, v, o) fallback_atomic_store((void **)p, (void **)v) - -static inline void *fallback_atomic_exchange_n(void **p, void *v) -{ - void *ret; - - pthread_mutex_lock(&atomic_sim_lock); - ret = *p; - *p = v; - pthread_mutex_unlock(&atomic_sim_lock); - return ret; -} - -#define ATOMIC_EXCHANGE_N(p, v, o) fallback_atomic_exchange_n((void **)p, (void *)v) - -static inline uint64_t fallback_atomic_add_fetch(uint64_t *p, uint64_t v) +static ossl_inline uint64_t fallback_atomic_add_fetch(uint64_t *p, uint64_t v) { uint64_t ret; @@ -120,22 +139,9 @@ static inline uint64_t fallback_atomic_add_fetch(uint64_t *p, uint64_t v) return ret; } -# define ATOMIC_ADD_FETCH(p, v, o) fallback_atomic_add_fetch(p, v) +# define ATOMIC_ADD_FETCH(p, v, o) fallback_atomic_add_fetch(p, v) -static inline uint64_t fallback_atomic_fetch_add(uint64_t *p, uint64_t v) -{ - uint64_t ret; - - pthread_mutex_lock(&atomic_sim_lock); - ret = *p; - *p += v; - pthread_mutex_unlock(&atomic_sim_lock); - return ret; -} - -# define ATOMIC_FETCH_ADD(p, v, o) fallback_atomic_fetch_add(p, v) - -static inline uint64_t fallback_atomic_sub_fetch(uint64_t *p, uint64_t v) +static ossl_inline uint64_t fallback_atomic_sub_fetch(uint64_t *p, uint64_t v) { uint64_t ret; 
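Review bot: The explanatory comment introduced ahead of the `ATOMIC_` macros has a blank line in the middle without the leading ` *` (the bare `+` line right after `other compilers.`), which breaks the comment's column; it should be ` *`. Also `fallback_atomic_store_n_##t` returns the previous value whereas `__atomic_store_n` returns void, so `ATOMIC_STORE_N` has a different type in the two configurations; every use on this page is a statement so it is harmless, but making the fallback `void` keeps the two paths interchangeable. Ignoring the memory-order argument in the fallbacks is expected, since the single `atomic_sim_lock` mutex serialises every operation; a one-line remark to that effect next to the mutex would save the next reader the question.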
@@ -146,53 +152,8 @@ static inline uint64_t fallback_atomic_sub_fetch(uint64_t *p, uint64_t v) return ret; } -# define ATOMIC_SUB_FETCH(p, v, o) fallback_atomic_sub_fetch(p, v) - -static inline uint64_t fallback_atomic_and_fetch(uint64_t *p, uint64_t m) -{ - uint64_t ret; - - pthread_mutex_lock(&atomic_sim_lock); - *p &= m; - ret = *p; - pthread_mutex_unlock(&atomic_sim_lock); - return ret; -} - -# define ATOMIC_AND_FETCH(p, v, o) fallback_atomic_and_fetch(p, v) - -static inline uint64_t fallback_atomic_or_fetch(uint64_t *p, uint64_t m) -{ - uint64_t ret; - - pthread_mutex_lock(&atomic_sim_lock); - *p |= m; - ret = *p; - pthread_mutex_unlock(&atomic_sim_lock); - return ret; -} - -# define ATOMIC_OR_FETCH(p, v, o) fallback_atomic_or_fetch(p, v) -#endif - -static CRYPTO_THREAD_LOCAL rcu_thr_key; - -/* - * users is broken up into 2 parts - * bits 0-15 current readers - * bit 32-63 - ID - */ -# define READER_SHIFT 0 -# define ID_SHIFT 32 -# define READER_SIZE 16 -# define ID_SIZE 32 - -# define READER_MASK (((uint64_t)1 << READER_SIZE) - 1) -# define ID_MASK (((uint64_t)1 << ID_SIZE) - 1) -# define READER_COUNT(x) (((uint64_t)(x) >> READER_SHIFT) & READER_MASK) -# define ID_VAL(x) (((uint64_t)(x) >> ID_SHIFT) & ID_MASK) -# define VAL_READER ((uint64_t)1 << READER_SHIFT) -# define VAL_ID(x) ((uint64_t)x << ID_SHIFT) +# define ATOMIC_SUB_FETCH(p, v, o) fallback_atomic_sub_fetch(p, v) +# endif /* * This is the core of an rcu lock. It tracks the readers and writers for the @@ -210,7 +171,7 @@ struct thread_qp { CRYPTO_RCU_LOCK *lock; }; -#define MAX_QPS 10 +# define MAX_QPS 10 /* * This is the per thread tracking data * that is assigned to each thread participating 
@@ -231,23 +192,26 @@ struct rcu_lock_st { /* Callbacks to call for next ossl_synchronize_rcu */ struct rcu_cb_item *cb_items; - /* rcu generation counter for in-order retirement */ - uint32_t id_ctr; + /* The context we are being created against */ + OSSL_LIB_CTX *ctx; /* Array of quiescent points for synchronization */ struct rcu_qp *qp_group; + /* rcu generation counter for in-order retirement */ + uint32_t id_ctr; + /* Number of elements in qp_group array */ - size_t group_count; + uint32_t group_count; /* Index of the current qp in the qp_group array */ - uint64_t reader_idx; + uint32_t reader_idx; /* value of the next id_ctr value to be retired */ uint32_t next_to_retire; /* index of the next free rcu_qp in the qp_group */ - uint64_t current_alloc_idx; + uint32_t current_alloc_idx; /* number of qp's in qp_group array currently being retired */ uint32_t writers_alloced; @@ -268,31 +232,15 @@ struct rcu_lock_st { pthread_cond_t prior_signal; }; -/* - * Called on thread exit to free the pthread key - * associated with this thread, if any - */ -static void free_rcu_thr_data(void *ptr) -{ - struct rcu_thr_data *data = - (struct rcu_thr_data *)CRYPTO_THREAD_get_local(&rcu_thr_key); - - OPENSSL_free(data); - CRYPTO_THREAD_set_local(&rcu_thr_key, NULL); -} - -static void ossl_rcu_init(void) -{ - CRYPTO_THREAD_init_local(&rcu_thr_key, NULL); -} - /* Read side acquisition of the current qp */ static struct rcu_qp *get_hold_current_qp(struct rcu_lock_st *lock) { - uint64_t qp_idx; + uint32_t qp_idx; /* get the current qp index */ for (;;) { + qp_idx = ATOMIC_LOAD_N(uint32_t, &lock->reader_idx, __ATOMIC_RELAXED); + /* * Notes on use of __ATOMIC_ACQUIRE * We need to ensure the following: 
@@ -303,53 +251,49 @@ static struct rcu_qp *get_hold_current_qp(struct rcu_lock_st *lock) * of the lock is flushed from a local cpu cache so that we see any * updates prior to the load. This is a non-issue on cache coherent * systems like x86, but is relevant on other arches - * Note: This applies to the reload below as well */ - qp_idx = (uint64_t)ATOMIC_LOAD_N(&lock->reader_idx, __ATOMIC_ACQUIRE); - - /* - * Notes of use of __ATOMIC_RELEASE - * This counter is only read by the write side of the lock, and so we - * specify __ATOMIC_RELEASE here to ensure that the write side of the - * lock see this during the spin loop read of users, as it waits for the - * reader count to approach zero - */ - ATOMIC_ADD_FETCH(&lock->qp_group[qp_idx].users, VAL_READER, - __ATOMIC_RELEASE); + ATOMIC_ADD_FETCH(&lock->qp_group[qp_idx].users, (uint64_t)1, + __ATOMIC_ACQUIRE); /* if the idx hasn't changed, we're good, else try again */ - if (qp_idx == (uint64_t)ATOMIC_LOAD_N(&lock->reader_idx, __ATOMIC_ACQUIRE)) + if (qp_idx == ATOMIC_LOAD_N(uint32_t, &lock->reader_idx, + __ATOMIC_RELAXED)) break; - /* - * Notes on use of __ATOMIC_RELEASE - * As with the add above, we want to ensure that this decrement is - * seen by the write side of the lock as soon as it happens to prevent - * undue spinning waiting for write side completion - */ - ATOMIC_SUB_FETCH(&lock->qp_group[qp_idx].users, VAL_READER, - __ATOMIC_RELEASE); + ATOMIC_SUB_FETCH(&lock->qp_group[qp_idx].users, (uint64_t)1, + __ATOMIC_RELAXED); } return &lock->qp_group[qp_idx]; } +static void ossl_rcu_free_local_data(void *arg) +{ + OSSL_LIB_CTX *ctx = arg; + CRYPTO_THREAD_LOCAL *lkey = ossl_lib_ctx_get_rcukey(ctx); + struct rcu_thr_data *data = CRYPTO_THREAD_get_local(lkey); + + OPENSSL_free(data); + CRYPTO_THREAD_set_local(lkey, NULL); +} + void ossl_rcu_read_lock(CRYPTO_RCU_LOCK *lock) { struct rcu_thr_data *data; int i, available_qp = -1; + CRYPTO_THREAD_LOCAL *lkey = ossl_lib_ctx_get_rcukey(lock->ctx); /* * we're going to access 
current_qp here so ask the * processor to fetch it */ - data = CRYPTO_THREAD_get_local(&rcu_thr_key); + data = CRYPTO_THREAD_get_local(lkey); if (data == NULL) { data = OPENSSL_zalloc(sizeof(*data)); OPENSSL_assert(data != NULL); - CRYPTO_THREAD_set_local(&rcu_thr_key, data); - ossl_init_thread_start(NULL, NULL, free_rcu_thr_data); + CRYPTO_THREAD_set_local(lkey, data); + ossl_init_thread_start(NULL, lock->ctx, ossl_rcu_free_local_data); } for (i = 0; i < MAX_QPS; i++) { @@ -375,7 +319,8 @@ void ossl_rcu_read_lock(CRYPTO_RCU_LOCK *lock) void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock) { int i; - struct rcu_thr_data *data = CRYPTO_THREAD_get_local(&rcu_thr_key); + CRYPTO_THREAD_LOCAL *lkey = ossl_lib_ctx_get_rcukey(lock->ctx); + struct rcu_thr_data *data = CRYPTO_THREAD_get_local(lkey); uint64_t ret; assert(data != NULL); @@ -383,14 +328,14 @@ void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock) for (i = 0; i < MAX_QPS; i++) { if (data->thread_qps[i].lock == lock) { /* - * As with read side acquisition, we use __ATOMIC_RELEASE here - * to ensure that the decrement is published immediately - * to any write side waiters + * we have to use __ATOMIC_RELEASE here + * to ensure that all preceding read instructions complete + * before the decrement is visible to ossl_synchronize_rcu */ data->thread_qps[i].depth--; if (data->thread_qps[i].depth == 0) { - ret = ATOMIC_SUB_FETCH(&data->thread_qps[i].qp->users, VAL_READER, - __ATOMIC_RELEASE); + ret = ATOMIC_SUB_FETCH(&data->thread_qps[i].qp->users, + (uint64_t)1, __ATOMIC_RELEASE); OPENSSL_assert(ret != UINT64_MAX); data->thread_qps[i].qp = NULL; data->thread_qps[i].lock = NULL; 
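Review bot: The comment block above the `ATOMIC_ADD_FETCH` in `get_hold_current_qp` still describes an `__ATOMIC_ACQUIRE` on a load ("so that we see any updates prior to the load"), but the load of `reader_idx` is now `__ATOMIC_RELAXED` and the acquire has moved to the read-modify-write on `users`; the text should instead say that the acquire RMW here pairs with the release RMW on the same `users` word in `update_qp`, so a reader whose increment is ordered after the writer's store observes the new index on the reload and retries. In `ossl_rcu_read_lock`, the return value of `ossl_init_thread_start(NULL, lock->ctx, ossl_rcu_free_local_data)` is ignored (as before), so a failed registration leaks the per-thread data at thread exit. `ossl_rcu_read_lock` continues past the hunk.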
@@ -409,10 +354,9 @@ void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock) * Write side allocation routine to get the current qp * and replace it with a new one */ -static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock) +static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock, uint32_t *curr_id) { - uint64_t new_id; - uint64_t current_idx; + uint32_t current_idx; pthread_mutex_lock(&lock->alloc_lock); @@ -434,30 +378,18 @@ static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock) lock->current_alloc_idx = (lock->current_alloc_idx + 1) % lock->group_count; - /* get and insert a new id */ - new_id = lock->id_ctr; + *curr_id = lock->id_ctr; lock->id_ctr++; - new_id = VAL_ID(new_id); - /* - * Even though we are under a write side lock here - * We need to use atomic instructions to ensure that the results - * of this update are published to the read side prior to updating the - * reader idx below - */ - ATOMIC_AND_FETCH(&lock->qp_group[current_idx].users, ID_MASK, - __ATOMIC_RELEASE); - ATOMIC_OR_FETCH(&lock->qp_group[current_idx].users, new_id, - __ATOMIC_RELEASE); + ATOMIC_STORE_N(uint32_t, &lock->reader_idx, lock->current_alloc_idx, + __ATOMIC_RELAXED); /* - * Update the reader index to be the prior qp. - * Note the use of __ATOMIC_RELEASE here is based on the corresponding use - * of __ATOMIC_ACQUIRE in get_hold_current_qp, as we want any publication - * of this value to be seen on the read side immediately after it happens + * this should make sure that the new value of reader_idx is visible in + * get_hold_current_qp, directly after incrementing the users count */ - ATOMIC_STORE_N(&lock->reader_idx, lock->current_alloc_idx, - __ATOMIC_RELEASE); + ATOMIC_ADD_FETCH(&lock->qp_group[current_idx].users, (uint64_t)0, + __ATOMIC_RELEASE); /* wake up any waiters */ pthread_cond_signal(&lock->alloc_signal); 
@@ -474,7 +406,7 @@ static void retire_qp(CRYPTO_RCU_LOCK *lock, struct rcu_qp *qp) } static struct rcu_qp *allocate_new_qp_group(CRYPTO_RCU_LOCK *lock, - int count) + uint32_t count) { struct rcu_qp *new = OPENSSL_zalloc(sizeof(*new) * count); @@ -497,30 +429,34 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock) { struct rcu_qp *qp; uint64_t count; + uint32_t curr_id; struct rcu_cb_item *cb_items, *tmpcb; - /* - * __ATOMIC_ACQ_REL is used here to ensure that we get any prior published - * writes before we read, and publish our write immediately - */ - cb_items = ATOMIC_EXCHANGE_N(&lock->cb_items, NULL, __ATOMIC_ACQ_REL); + pthread_mutex_lock(&lock->write_lock); + cb_items = lock->cb_items; + lock->cb_items = NULL; + pthread_mutex_unlock(&lock->write_lock); - qp = update_qp(lock); + qp = update_qp(lock, &curr_id); + + /* retire in order */ + pthread_mutex_lock(&lock->prior_lock); + while (lock->next_to_retire != curr_id) + pthread_cond_wait(&lock->prior_signal, &lock->prior_lock); /* * wait for the reader count to reach zero * Note the use of __ATOMIC_ACQUIRE here to ensure that any - * prior __ATOMIC_RELEASE write operation in get_hold_current_qp + * prior __ATOMIC_RELEASE write operation in ossl_rcu_read_unlock * is visible prior to our read + * however this is likely just necessary to silence a tsan warning + * because the read side should not do any write operation + * outside the atomic itself */ do { - count = (uint64_t)ATOMIC_LOAD_N(&qp->users, __ATOMIC_ACQUIRE); - } while (READER_COUNT(count) != 0); + count = ATOMIC_LOAD_N(uint64_t, &qp->users, __ATOMIC_ACQUIRE); + } while (count != (uint64_t)0); - /* retire in order */ - pthread_mutex_lock(&lock->prior_lock); - while (lock->next_to_retire != ID_VAL(count)) - pthread_cond_wait(&lock->prior_signal, &lock->prior_lock); lock->next_to_retire++; pthread_cond_broadcast(&lock->prior_signal); pthread_mutex_unlock(&lock->prior_lock); 
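Review bot: The new comment on the `ATOMIC_LOAD_N(uint64_t, &qp->users, __ATOMIC_ACQUIRE)` loop in ossl_synchronize_rcu calls the acquire "likely just necessary to silence a tsan warning", but this load is the writer-side half of the grace-period guarantee: it synchronizes with the `__ATOMIC_RELEASE` decrement in ossl_rcu_read_unlock (earlier in this diff) so that everything a reader did inside its critical section happens-before the work done after the loop, including the cb_items callbacks that may free memory those readers were dereferencing. Without acquire only the count read itself is ordered, so the comment understates the requirement. I would drop the tsan sentence and write `/* ACQUIRE pairs with the RELEASE decrement in ossl_rcu_read_unlock: readers' loads complete before we run the retire callbacks */`. ossl_synchronize_rcu continues past the hunk.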
@@ -536,6 +472,10 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock) } } +/* + * Note: This call assumes its made under the protection of + * ossl_rcu_write_lock + */ int ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data) { struct rcu_cb_item *new = @@ -546,52 +486,54 @@ int ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data) new->data = data; new->fn = cb; - /* - * Use __ATOMIC_ACQ_REL here to indicate that any prior writes to this - * list are visible to us prior to reading, and publish the new value - * immediately - */ - new->next = ATOMIC_EXCHANGE_N(&lock->cb_items, new, __ATOMIC_ACQ_REL); + + new->next = lock->cb_items; + lock->cb_items = new; return 1; } void *ossl_rcu_uptr_deref(void **p) { - return (void *)ATOMIC_LOAD_N(p, __ATOMIC_ACQUIRE); + return ATOMIC_LOAD_N(pvoid, p, __ATOMIC_ACQUIRE); } void ossl_rcu_assign_uptr(void **p, void **v) { - ATOMIC_STORE(p, v, __ATOMIC_RELEASE); + ATOMIC_STORE(pvoid, p, v, __ATOMIC_RELEASE); } -static CRYPTO_ONCE rcu_init_once = CRYPTO_ONCE_STATIC_INIT; - -CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers) +CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx) { struct rcu_lock_st *new; - if (!CRYPTO_THREAD_run_once(&rcu_init_once, ossl_rcu_init)) - return NULL; + /* + * We need a minimum of 2 qp's + */ + if (num_writers < 2) + num_writers = 2; - if (num_writers < 1) - num_writers = 1; + ctx = ossl_lib_ctx_get_concrete(ctx); + if (ctx == NULL) + return 0; new = OPENSSL_zalloc(sizeof(*new)); if (new == NULL) return NULL; + new->ctx = ctx; pthread_mutex_init(&new->write_lock, NULL); pthread_mutex_init(&new->prior_lock, NULL); pthread_mutex_init(&new->alloc_lock, NULL); pthread_cond_init(&new->prior_signal, NULL); pthread_cond_init(&new->alloc_signal, NULL); - new->qp_group = allocate_new_qp_group(new, num_writers + 1); + + new->qp_group = allocate_new_qp_group(new, num_writers); if (new->qp_group == NULL) { OPENSSL_free(new); new = NULL; } + return new; } 
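Review bot: `if (ctx == NULL) return 0;` in ossl_rcu_lock_new returns an integer literal from a function whose return type is `CRYPTO_RCU_LOCK *`, while the allocation-failure path a few lines later correctly returns NULL; write `return NULL;` for consistency (the same line appears in the threads_win.c ossl_rcu_lock_new later in this diff). Separately, the new comment above ossl_rcu_call reads `its made` where `it is made` is meant.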
@@ -816,7 +758,7 @@ int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock) { -# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS) +# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) if (__atomic_is_lock_free(sizeof(*val), val)) { __atomic_load(val, ret, __ATOMIC_ACQUIRE); return 1; @@ -839,7 +781,7 @@ int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock) int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock) { -# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS) +# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) if (__atomic_is_lock_free(sizeof(*val), val)) { __atomic_load(val, ret, __ATOMIC_ACQUIRE); return 1; @@ -847,7 +789,7 @@ int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock) # elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) /* This will work for all future Solaris versions. */ if (ret != NULL) { - *ret = (int *)atomic_or_uint_nv((unsigned int *)val, 0); + *ret = (int)atomic_or_uint_nv((unsigned int *)val, 0); return 1; } # endif diff --git a/crypto/threads_win.c b/crypto/threads_win.c index fd51c735f8..6160e6810d 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
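Review bot: The guards in CRYPTO_atomic_load and CRYPTO_atomic_load_int now test `defined(__ATOMIC_ACQ_REL)` while both bodies use `__ATOMIC_ACQUIRE`, so the condition no longer names the macro the code relies on. Presumably this aligns the guard with the sibling CRYPTO_atomic_* helpers (CRYPTO_atomic_or is visible in the first hunk header); if so a short comment such as `/* same guard as the other CRYPTO_atomic_* helpers */` would stop the next reader from "fixing" it back. The Solaris `(int)` cast correction in the third hunk looks right.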
@@ -43,20 +43,6 @@ typedef struct { } CRYPTO_win_rwlock; # endif -static CRYPTO_THREAD_LOCAL rcu_thr_key; - -# define READER_SHIFT 0 -# define ID_SHIFT 32 -# define READER_SIZE 32 -# define ID_SIZE 32 - -# define READER_MASK (((LONG64)1 << READER_SIZE)-1) -# define ID_MASK (((LONG64)1 << ID_SIZE)-1) -# define READER_COUNT(x) (((LONG64)(x) >> READER_SHIFT) & READER_MASK) -# define ID_VAL(x) (((LONG64)(x) >> ID_SHIFT) & ID_MASK) -# define VAL_READER ((LONG64)1 << READER_SHIFT) -# define VAL_ID(x) ((LONG64)x << ID_SHIFT) - /* * This defines a quescent point (qp) * This is the barrier beyond which a writer @@ -92,9 +78,16 @@ struct rcu_thr_data { */ struct rcu_lock_st { struct rcu_cb_item *cb_items; - uint32_t id_ctr; + OSSL_LIB_CTX *ctx; + + /* Array of quiescent points for synchronization */ struct rcu_qp *qp_group; - size_t group_count; + + /* rcu generation counter for in-order retirement */ + uint32_t id_ctr; + + /* Number of elements in qp_group array */ + uint32_t group_count; uint32_t next_to_retire; volatile long int reader_idx; uint32_t current_alloc_idx; @@ -106,28 +99,8 @@ struct rcu_lock_st { CRYPTO_CONDVAR *prior_signal; }; -/* - * Called on thread exit to free the pthread key - * associated with this thread, if any - */ -static void free_rcu_thr_data(void *ptr) -{ - struct rcu_thr_data *data = - (struct rcu_thr_data *)CRYPTO_THREAD_get_local(&rcu_thr_key); - - OPENSSL_free(data); - CRYPTO_THREAD_set_local(&rcu_thr_key, NULL); -} - - -static void ossl_rcu_init(void) -{ - CRYPTO_THREAD_init_local(&rcu_thr_key, NULL); - ossl_init_thread_start(NULL, NULL, free_rcu_thr_data); -} - static struct rcu_qp *allocate_new_qp_group(struct rcu_lock_st *lock, - int count) + uint32_t count) { struct rcu_qp *new = OPENSSL_zalloc(sizeof(*new) * count); 
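Review bot: `next_to_retire`, `reader_idx` and `current_alloc_idx` are left without a comment in struct rcu_lock_st while the neighbouring fields gain one in this hunk, yet they carry the protocol: `reader_idx` is the slot readers take a hold on in get_hold_current_qp and `next_to_retire` is compared against the id handed out by update_qp to retire writers in order in ossl_synchronize_rcu, both later in this diff. Suggest `/* Index of the qp readers currently take a hold on */` and `/* Generation id of the next writer allowed to retire its qp */`, plus a note on which lock guards `current_alloc_idx` and `next_to_retire`. The struct continues past the end of the hunk.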
@@ -136,30 +109,32 @@ static struct rcu_qp *allocate_new_qp_group(struct rcu_lock_st *lock, return new; } -static CRYPTO_ONCE rcu_init_once = CRYPTO_ONCE_STATIC_INIT; - -CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers) +CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx) { struct rcu_lock_st *new; - if (!CRYPTO_THREAD_run_once(&rcu_init_once, ossl_rcu_init)) - return NULL; + /* + * We need a minimum of 2 qps + */ + if (num_writers < 2) + num_writers = 2; - if (num_writers < 1) - num_writers = 1; + ctx = ossl_lib_ctx_get_concrete(ctx); + if (ctx == NULL) + return 0; new = OPENSSL_zalloc(sizeof(*new)); if (new == NULL) return NULL; + new->ctx = ctx; new->write_lock = ossl_crypto_mutex_new(); new->alloc_signal = ossl_crypto_condvar_new(); new->prior_signal = ossl_crypto_condvar_new(); new->alloc_lock = ossl_crypto_mutex_new(); new->prior_lock = ossl_crypto_mutex_new(); - new->write_lock = ossl_crypto_mutex_new(); - new->qp_group = allocate_new_qp_group(new, num_writers + 1); + new->qp_group = allocate_new_qp_group(new, num_writers); if (new->qp_group == NULL || new->alloc_signal == NULL || new->prior_signal == NULL @@ -175,6 +150,7 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers) OPENSSL_free(new); new = NULL; } + return new; } 
@@ -190,38 +166,49 @@ void ossl_rcu_lock_free(CRYPTO_RCU_LOCK *lock) OPENSSL_free(lock); } -static inline struct rcu_qp *get_hold_current_qp(CRYPTO_RCU_LOCK *lock) +static ossl_inline struct rcu_qp *get_hold_current_qp(CRYPTO_RCU_LOCK *lock) { uint32_t qp_idx; /* get the current qp index */ for (;;) { qp_idx = InterlockedOr(&lock->reader_idx, 0); - InterlockedAdd64(&lock->qp_group[qp_idx].users, VAL_READER); + InterlockedAdd64(&lock->qp_group[qp_idx].users, (LONG64)1); if (qp_idx == InterlockedOr(&lock->reader_idx, 0)) break; - InterlockedAdd64(&lock->qp_group[qp_idx].users, -VAL_READER); + InterlockedAdd64(&lock->qp_group[qp_idx].users, (LONG64)-1); } return &lock->qp_group[qp_idx]; } +static void ossl_rcu_free_local_data(void *arg) +{ + OSSL_LIB_CTX *ctx = arg; + CRYPTO_THREAD_LOCAL *lkey = ossl_lib_ctx_get_rcukey(ctx); + struct rcu_thr_data *data = CRYPTO_THREAD_get_local(lkey); + OPENSSL_free(data); + CRYPTO_THREAD_set_local(lkey, NULL); +} + void ossl_rcu_read_lock(CRYPTO_RCU_LOCK *lock) { struct rcu_thr_data *data; int i; int available_qp = -1; + CRYPTO_THREAD_LOCAL *lkey = ossl_lib_ctx_get_rcukey(lock->ctx); /* * we're going to access current_qp here so ask the * processor to fetch it */ - data = CRYPTO_THREAD_get_local(&rcu_thr_key); + data = CRYPTO_THREAD_get_local(lkey); if (data == NULL) { data = OPENSSL_zalloc(sizeof(*data)); OPENSSL_assert(data != NULL); - CRYPTO_THREAD_set_local(&rcu_thr_key, data); + CRYPTO_THREAD_set_local(lkey, data); + ossl_init_thread_start(NULL, lock->ctx, ossl_rcu_free_local_data); } for (i = 0; i < MAX_QPS; i++) { @@ -254,7 +241,8 @@ void ossl_rcu_write_unlock(CRYPTO_RCU_LOCK *lock) void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock) { - struct rcu_thr_data *data = CRYPTO_THREAD_get_local(&rcu_thr_key); + CRYPTO_THREAD_LOCAL *lkey = ossl_lib_ctx_get_rcukey(lock->ctx); + struct rcu_thr_data *data = CRYPTO_THREAD_get_local(lkey); int i; LONG64 ret; 
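Review bot: The result of `ossl_init_thread_start(NULL, lock->ctx, ossl_rcu_free_local_data)` in ossl_rcu_read_lock is discarded; if registration fails, the freshly allocated per-thread `data` stays in the thread-local slot with no handler to free it at thread exit. The pthread variant earlier in this diff has the same pattern. Consider checking it the way `OPENSSL_assert(data != NULL)` is checked two lines above, or at least documenting the accepted leak. Also, ossl_rcu_free_local_data re-derives the key from the libctx passed as `arg`, so the handler assumes the library context outlives every thread that took a read lock on it; worth a comment on the function.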
@@ -264,7 +252,7 @@ void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock) if (data->thread_qps[i].lock == lock) { data->thread_qps[i].depth--; if (data->thread_qps[i].depth == 0) { - ret = InterlockedAdd64(&data->thread_qps[i].qp->users, -VAL_READER); + ret = InterlockedAdd64(&data->thread_qps[i].qp->users, (LONG64)-1); OPENSSL_assert(ret >= 0); data->thread_qps[i].qp = NULL; data->thread_qps[i].lock = NULL; @@ -274,9 +262,8 @@ void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock) } } -static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock) +static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock, uint32_t *curr_id) { - uint64_t new_id; uint32_t current_idx; uint32_t tmp; @@ -298,13 +285,9 @@ static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock) (lock->current_alloc_idx + 1) % lock->group_count; /* get and insert a new id */ - new_id = lock->id_ctr; + *curr_id = lock->id_ctr; lock->id_ctr++; - new_id = VAL_ID(new_id); - InterlockedAnd64(&lock->qp_group[current_idx].users, ID_MASK); - InterlockedAdd64(&lock->qp_group[current_idx].users, new_id); - /* update the reader index to be the prior qp */ tmp = lock->current_alloc_idx; InterlockedExchange(&lock->reader_idx, tmp); 
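Review bot: In the Windows update_qp, after `InterlockedExchange(&lock->reader_idx, tmp)` there is no counterpart to the release RMW on `users` that the pthread update_qp adds in this diff to publish reader_idx; presumably the code relies on InterlockedExchange being a full barrier, but that asymmetry is not stated anywhere. A comment such as `/* InterlockedExchange is a full barrier, so no separate release on users is needed here */` would record the reasoning. The rest of update_qp is outside the hunk, so I cannot confirm nothing else follows.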
@@ -329,22 +312,26 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock) { struct rcu_qp *qp; uint64_t count; + uint32_t curr_id; struct rcu_cb_item *cb_items, *tmpcb; /* before we do anything else, lets grab the cb list */ - cb_items = InterlockedExchangePointer((void * volatile *)&lock->cb_items, NULL); + ossl_crypto_mutex_lock(lock->write_lock); + cb_items = lock->cb_items; + lock->cb_items = NULL; + ossl_crypto_mutex_unlock(lock->write_lock); - qp = update_qp(lock); + qp = update_qp(lock, &curr_id); + + /* retire in order */ + ossl_crypto_mutex_lock(lock->prior_lock); + while (lock->next_to_retire != curr_id) + ossl_crypto_condvar_wait(lock->prior_signal, lock->prior_lock); /* wait for the reader count to reach zero */ do { count = InterlockedOr64(&qp->users, 0); - } while (READER_COUNT(count) != 0); - - /* retire in order */ - ossl_crypto_mutex_lock(lock->prior_lock); - while (lock->next_to_retire != ID_VAL(count)) - ossl_crypto_condvar_wait(lock->prior_signal, lock->prior_lock); + } while (count != (uint64_t)0); lock->next_to_retire++; ossl_crypto_condvar_broadcast(lock->prior_signal); @@ -365,20 +352,22 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock) } +/* + * Note, must be called under the protection of ossl_rcu_write_lock + */ int ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data) { struct rcu_cb_item *new; - struct rcu_cb_item *prev; new = OPENSSL_zalloc(sizeof(struct rcu_cb_item)); if (new == NULL) return 0; - prev = new; new->data = data; new->fn = cb; - InterlockedExchangePointer((void * volatile *)&lock->cb_items, prev); - new->next = prev; + new->next = lock->cb_items; + lock->cb_items = new; + return 1; } 
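Review bot: ossl_synchronize_rcu now takes `lock->write_lock` to detach cb_items, while the new comment on ossl_rcu_call says it must be called under the protection of ossl_rcu_write_lock; if ossl_rcu_write_lock acquires that same mutex (its name suggests so, but it is outside the hunk) and the mutex is not recursive, calling ossl_synchronize_rcu while still holding the write lock deadlocks. The pthread ossl_synchronize_rcu earlier in this diff has the same structure. Please state the expected call order in the ossl_rcu_call comment, e.g. `/* ... ossl_synchronize_rcu must be called only after ossl_rcu_write_unlock */`, or assert it.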
@@ -568,7 +557,8 @@ int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) { - *ret = (int)InterlockedExchangeAdd((long volatile *)val, (long)amount) + amount; + *ret = (int)InterlockedExchangeAdd((LONG volatile *)val, (LONG)amount) + + amount; return 1; } diff --git a/crypto/trace.c b/crypto/trace.c index 51387641de..3e10d91fc2 100644 --- a/crypto/trace.c +++ b/crypto/trace.c @@ -475,7 +475,7 @@ BIO *OSSL_trace_begin(int category) char *prefix = NULL; category = ossl_trace_get_category(category); - if (category < 0) + if (category < 0 || !OSSL_trace_enabled(category)) return NULL; channel = trace_channels[category].bio; diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index 59b00b225a..554bf79856 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -105,14 +105,18 @@ static int ui_read(UI *ui, UI_STRING *uis) switch (UI_get_string_type(uis)) { case UIT_PROMPT: { - char result[PEM_BUFSIZE + 1]; + int len; + char result[PEM_BUFSIZE + 1]; /* reserve one byte at the end */ const struct pem_password_cb_data *data = UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index); int maxsize = UI_get_result_maxsize(uis); - int len = data->cb(result, - maxsize > PEM_BUFSIZE ? PEM_BUFSIZE : maxsize, - data->rwflag, UI_get0_user_data(ui)); + if (maxsize > PEM_BUFSIZE) + maxsize = PEM_BUFSIZE; + len = data->cb(result, maxsize, data->rwflag, + UI_get0_user_data(ui)); + if (len > maxsize) + return -1; if (len >= 0) result[len] = '\0'; if (len < 0) diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 1d401d0420..bdcdc4555b 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c 
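Review bot: The new `if (len > maxsize) return -1;` in ui_read makes the following `result[len] = '\0'` safe (maxsize is clamped to PEM_BUFSIZE and result has PEM_BUFSIZE + 1 bytes), but on that early return the buffer, which the callback may already have filled with a secret, is not cleansed. If the normal path of ui_read (outside the hunk) calls OPENSSL_cleanse on `result` before returning, the new path should do the same; otherwise a comment noting why it is unnecessary would help. ui_read continues past the hunk.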
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -420,11 +420,11 @@ static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, } finish: /* If we changed anything, resort the objects for faster lookup */ - if (!sk_X509_OBJECT_is_sorted(xl->store_ctx->objs)) { - if (X509_STORE_lock(xl->store_ctx)) { + if (X509_STORE_lock(xl->store_ctx)) { + if (!sk_X509_OBJECT_is_sorted(xl->store_ctx->objs)) { sk_X509_OBJECT_sort(xl->store_ctx->objs); - X509_STORE_unlock(xl->store_ctx); } + X509_STORE_unlock(xl->store_ctx); } BUF_MEM_free(b); diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 85923804ac..cd5b75d3a9 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c index bd937388f3..d0e5f9efe6 100644 --- a/crypto/x509/v3_addr.c +++ b/crypto/x509/v3_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -407,11 +407,11 @@ static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, const int prefixlen, const int afilen) { int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; - IPAddressOrRange *aor = IPAddressOrRange_new(); + IPAddressOrRange *aor; if (prefixlen < 0 || prefixlen > (afilen * 8)) return 0; - if (aor == NULL) + if ((aor = IPAddressOrRange_new()) == NULL) return 0; aor->type = IPAddressOrRange_addressPrefix; if (aor->u.addressPrefix == NULL && diff --git a/crypto/x509/v3_admis.c b/crypto/x509/v3_admis.c index c3182a71db..8f9e95c44a 100644 --- a/crypto/x509/v3_admis.c +++ b/crypto/x509/v3_admis.c @@ -67,11 +67,10 @@ const X509V3_EXT_METHOD ossl_v3_ext_admission = { NULL /* extension-specific data */ }; - static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in, BIO *bp, int ind) { - NAMING_AUTHORITY *namingAuthority = (NAMING_AUTHORITY*) in; + NAMING_AUTHORITY *namingAuthority = (NAMING_AUTHORITY *) in; if (namingAuthority == NULL) return 0; @@ -81,14 +80,14 @@ static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in, && namingAuthority->namingAuthorityUrl == NULL) return 0; - if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0) + if (BIO_printf(bp, "%*snamingAuthority:\n", ind, "") <= 0) goto err; if (namingAuthority->namingAuthorityId != NULL) { char objbuf[128]; const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId)); - if (BIO_printf(bp, "%*s admissionAuthorityId: ", ind, "") <= 0) + if (BIO_printf(bp, "%*s namingAuthorityId: ", ind, "") <= 0) goto err; OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1); 
@@ -130,9 +129,10 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, } for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) { - ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i); + ADMISSIONS *entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i); - if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err; + if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) + goto err; if (entry->admissionAuthority != NULL) { if (BIO_printf(bp, "%*s admissionAuthority:\n", ind, "") <= 0 @@ -143,12 +143,12 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, } if (entry->namingAuthority != NULL) { - if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0) + if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind + 2) <= 0) goto err; } for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) { - PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j); + PROFESSION_INFO *pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j); if (BIO_printf(bp, "%*s Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0) goto err; @@ -161,7 +161,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, } if (pinfo->namingAuthority != NULL) { - if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0) + if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 4) <= 0) goto err; } @@ -170,7 +170,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, if (BIO_printf(bp, "%*s Info Entries:\n", ind, "") <= 0) goto err; for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) { - ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k); + ASN1_STRING *val = sk_ASN1_STRING_value(pinfo->professionItems, k); if (BIO_printf(bp, "%*s ", ind, "") <= 0 || ASN1_STRING_print(bp, val) <= 0 
@@ -183,7 +183,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, if (BIO_printf(bp, "%*s Profession OIDs:\n", ind, "") <= 0) goto err; for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) { - ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k); + ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k); const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj)); char objbuf[128]; @@ -207,31 +207,29 @@ const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n) return n->namingAuthorityId; } -void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT* id) +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT *id) { ASN1_OBJECT_free(n->namingAuthorityId); n->namingAuthorityId = id; } -const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( - const NAMING_AUTHORITY *n) +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(const NAMING_AUTHORITY *n) { return n->namingAuthorityUrl; } -void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING* u) +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING *u) { ASN1_IA5STRING_free(n->namingAuthorityUrl); n->namingAuthorityUrl = u; } -const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( - const NAMING_AUTHORITY *n) +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(const NAMING_AUTHORITY *n) { return n->namingAuthorityText; } -void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING* t) +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING *t) { ASN1_IA5STRING_free(n->namingAuthorityText); n->namingAuthorityText = t; diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c index 1cb892df67..e08e11d587 100644 --- a/crypto/x509/v3_asid.c +++ b/crypto/x509/v3_asid.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c index ae602ea2cd..603bb1ce59 100644 --- a/crypto/x509/v3_cpols.c +++ b/crypto/x509/v3_cpols.c @@ -195,6 +195,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, goto err; } if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) { + POLICYQUALINFO_free(qual); ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); goto err; } @@ -232,6 +233,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, if (pol->qualifiers == NULL) pol->qualifiers = sk_POLICYQUALINFO_new_null(); if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) { + POLICYQUALINFO_free(qual); ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); goto err; } diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c index e9f6e08e27..8f560e171c 100644 --- a/crypto/x509/v3_crld.c +++ b/crypto/x509/v3_crld.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c index ccca198eb8..b7ce4bb919 100644 --- a/crypto/x509/v3_ist.c +++ b/crypto/x509/v3_ist.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c index 9adf494707..efd997ab32 100644 --- a/crypto/x509/v3_san.c +++ b/crypto/x509/v3_san.c @@ -336,7 +336,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) { - GENERAL_NAMES *ialt; + GENERAL_NAMES *ialt = NULL; GENERAL_NAME *gen; X509_EXTENSION *ext; int i, num; @@ -371,6 +371,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) return 1; err: + sk_GENERAL_NAME_free(ialt); return 0; } diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c index 74209d3e3f..507945f829 100644 --- a/crypto/x509/v3_sxnet.c +++ b/crypto/x509/v3_sxnet.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 1a18174995..1fa25ad3a3 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
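Review bot: The new `sk_GENERAL_NAME_free(ialt)` on copy_issuer's err path is a shallow free, so it is correct only if every GENERAL_NAME that ialt owned has been transferred out or is still freed elsewhere; the loop between the declaration and `err:` is outside the hunk, so it is worth confirming that a failure midway through moving ialt's entries into gens does not leak the entries not yet moved (a deep GENERAL_NAMES_free would instead double-free the ones already moved). A one-line comment at `err:` stating which ownership state ialt is in at that point would make this reviewable.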
@@ -916,36 +916,64 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, ASN1_STRING *cstr; gen = sk_GENERAL_NAME_value(gens, i); - if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) { - if (OBJ_obj2nid(gen->d.otherName->type_id) == - NID_id_on_SmtpUTF8Mailbox) { - san_present = 1; - - /* - * If it is not a UTF8String then that is unexpected and we - * treat it as no match + switch (gen->type) { + default: + continue; + case GEN_OTHERNAME: + switch (OBJ_obj2nid(gen->d.otherName->type_id)) { + default: + continue; + case NID_id_on_SmtpUTF8Mailbox: + /*- + * https://datatracker.ietf.org/doc/html/rfc8398#section-3 + * + * Due to name constraint compatibility reasons described + * in Section 6, SmtpUTF8Mailbox subjectAltName MUST NOT + * be used unless the local-part of the email address + * contains non-ASCII characters. When the local-part is + * ASCII, rfc822Name subjectAltName MUST be used instead + * of SmtpUTF8Mailbox. This is compatible with legacy + * software that supports only rfc822Name (and not + * SmtpUTF8Mailbox). [...] + * + * SmtpUTF8Mailbox is encoded as UTF8String. + * + * If it is not a UTF8String then that is unexpected, and + * we ignore the invalid SAN (neither set san_present nor + * consider it a candidate for equality). This does mean + * that the subject CN may be considered, as would be the + * case when the malformed SmtpUtf8Mailbox SAN is instead + * simply absent. + * + * When CN-ID matching is not desirable, applications can + * choose to turn it off, doing so is at this time a best + * practice. */ - if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { - cstr = gen->d.otherName->value->value.utf8string; - - /* Positive on success, negative on error! 
*/ - if ((rv = do_check_string(cstr, 0, equal, flags, - chk, chklen, peername)) != 0) - break; - } - } else + if (check_type != GEN_EMAIL + || gen->d.otherName->value->type != V_ASN1_UTF8STRING) + continue; + alt_type = 0; + cstr = gen->d.otherName->value->value.utf8string; + break; + } + break; + case GEN_EMAIL: + if (check_type != GEN_EMAIL) continue; - } else { - if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME)) + cstr = gen->d.rfc822Name; + break; + case GEN_DNS: + if (check_type != GEN_DNS) continue; + cstr = gen->d.dNSName; + break; + case GEN_IPADD: + if (check_type != GEN_IPADD) + continue; + cstr = gen->d.iPAddress; + break; } san_present = 1; - if (check_type == GEN_EMAIL) - cstr = gen->d.rfc822Name; - else if (check_type == GEN_DNS) - cstr = gen->d.dNSName; - else - cstr = gen->d.iPAddress; /* Positive on success, negative on error! */ if ((rv = do_check_string(cstr, alt_type, equal, flags, chk, chklen, peername)) != 0) diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 659c2f5b74..5b002832c1 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 7094280d48..244485cddb 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
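Review bot: In the NID_id_on_SmtpUTF8Mailbox case of do_x509_check, `alt_type = 0;` overwrites the function-level variable rather than a per-iteration value, so if the loop continues (rv == 0) a later GEN_EMAIL entry is compared with alt_type 0 instead of whatever was set before the loop, which is outside the hunk. This is presumably harmless if do_check_string treats a 0 type as a generic comparison, but it makes the handling of one SAN depend on the type of an earlier one. Consider a local `int cmp_type = alt_type;` set to 0 only in that case and passed to do_check_string in place of alt_type. do_x509_check starts before the hunk.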
@@ -196,6 +196,8 @@ int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags) ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } + if (cert == NULL) + return 0; if ((flags & X509_ADD_FLAG_NO_DUP) != 0) { /* * not using sk_X509_set_cmp_func() and sk_X509_find() diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 3fa4fee1e1..09fa2ee1f7 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -232,7 +232,7 @@ void X509_STORE_free(X509_STORE *xs) if (xs == NULL) return; CRYPTO_DOWN_REF(&xs->references, &i); - REF_PRINT_COUNT("X509_STORE", xs); + REF_PRINT_COUNT("X509_STORE", i, xs); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -260,7 +260,7 @@ int X509_STORE_up_ref(X509_STORE *xs) if (CRYPTO_UP_REF(&xs->references, &i) <= 0) return 0; - REF_PRINT_COUNT("X509_STORE", xs); + REF_PRINT_COUNT("X509_STORE", i, xs); REF_ASSERT_ISNT(i < 2); return i > 1 ? 1 : 0; } diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 77de85dc5b..74d1d29938 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 0881be7292..c05d440971 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c 
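Review bot: The new `if (cert == NULL) return 0;` in X509_add_cert fails silently, while the adjacent `sk == NULL` check two lines above raises ERR_R_PASSED_NULL_PARAMETER before returning 0, so a caller seeing 0 from this path finds nothing on the error queue. If a NULL cert is an error, add `ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);` before the return or fold it into the existing check; if it is meant as a no-op, returning success and documenting it would avoid callers treating it as failure.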
@@ -119,7 +119,7 @@ int X509_up_ref(X509 *x) if (CRYPTO_UP_REF(&x->references, &i) <= 0) return 0; - REF_PRINT_COUNT("X509", x); + REF_PRINT_COUNT("X509", i, x); REF_ASSERT_ISNT(i < 2); return i > 1; } diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 205fe3d6e5..e5dd4d5c3a 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -78,7 +78,7 @@ int X509_CRL_up_ref(X509_CRL *crl) if (CRYPTO_UP_REF(&crl->references, &i) <= 0) return 0; - REF_PRINT_COUNT("X509_CRL", crl); + REF_PRINT_COUNT("X509_CRL", i, crl); REF_ASSERT_ISNT(i < 2); return i > 1; } diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 3e4c852b70..6bd8b6d614 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -99,11 +99,13 @@ static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, int timeout, const ASN1_ITEM *it) { #ifndef OPENSSL_NO_HTTP + size_t max_resp_len = (it == ASN1_ITEM_rptr(X509_CRL)) ? + OSSL_HTTP_DEFAULT_MAX_CRL_LEN : OSSL_HTTP_DEFAULT_MAX_RESP_LEN; BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */, bio, rbio, NULL /* cb */, NULL /* arg */, 1024 /* buf_size */, NULL /* headers */, NULL /* expected_ct */, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); + max_resp_len, timeout); ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL); BIO_free(mem); diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index 4568833f81..bcb480f58f 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -480,8 +480,8 @@ static int i2d_name_canon(const STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, v = sk_ASN1_VALUE_value(intname, i); ltmp = ASN1_item_ex_i2d(&v, in, ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); - if (ltmp < 0) - return ltmp; + if (ltmp < 0 || len > INT_MAX - ltmp) + return -1; len += ltmp; } return len; diff --git a/demos/README.txt b/demos/README.txt index 17f42ab0a9..e86ab3c189 100644 --- a/demos/README.txt +++ b/demos/README.txt @@ -45,6 +45,7 @@ scrypt.c Demonstration of SCRYPT password based key derivation keyexch: x25519.c Demonstration of X25519 based key exchange +ecdh.c Demonstration of ECDH key exchange mac: gmac.c Demonstration of GMAC message authentication diff --git a/demos/cipher/aesccm.c b/demos/cipher/aesccm.c index 3c4b9e7445..3eb50eb27b 100644 --- a/demos/cipher/aesccm.c +++ b/demos/cipher/aesccm.c @@ -94,7 +94,7 @@ int aes_ccm_encrypt(void) if ((cipher = EVP_CIPHER_fetch(libctx, "AES-192-CCM", propq)) == NULL) goto err; - /* Set nonce length if default 96 bits is not appropriate */ + /* Default nonce length for AES-CCM is 7 bytes (56 bits). */ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, &ccm_nonce_len); /* Set tag length */ diff --git a/demos/digest/BIO_f_md.c b/demos/digest/BIO_f_md.c index 119bdecf3c..36b50a0bbd 100644 --- a/demos/digest/BIO_f_md.c +++ b/demos/digest/BIO_f_md.c @@ -1,5 +1,5 @@ /*- - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,7 +42,7 @@ int main(int argc, char *argv[]) BIO *bio_digest = NULL, *reading = NULL; EVP_MD *md = NULL; unsigned char buffer[512]; - size_t digest_size; + int digest_size; char *digest_value = NULL; int j; 
@@ -68,6 +68,11 @@ int main(int argc, char *argv[]) goto cleanup; } digest_size = EVP_MD_get_size(md); + if (digest_size <= 0) { + fprintf(stderr, "EVP_MD_get_size returned invalid size.\n"); + goto cleanup; + } + digest_value = OPENSSL_malloc(digest_size); if (digest_value == NULL) { fprintf(stderr, "Can't allocate %lu bytes for the digest value.\n", (unsigned long)digest_size); diff --git a/demos/digest/EVP_MD_demo.c b/demos/digest/EVP_MD_demo.c index 8cf3bd8e7b..279af82ead 100644 --- a/demos/digest/EVP_MD_demo.c +++ b/demos/digest/EVP_MD_demo.c @@ -1,5 +1,5 @@ /*- - * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -83,7 +83,7 @@ int demonstrate_digest(void) const char *option_properties = NULL; EVP_MD *message_digest = NULL; EVP_MD_CTX *digest_context = NULL; - unsigned int digest_length; + int digest_length; unsigned char *digest_value = NULL; int j; diff --git a/demos/digest/EVP_MD_stdin.c b/demos/digest/EVP_MD_stdin.c index 11bffb6bcc..409be9b78e 100644 --- a/demos/digest/EVP_MD_stdin.c +++ b/demos/digest/EVP_MD_stdin.c @@ -1,5 +1,5 @@ /*- - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ int demonstrate_digest(BIO *input) const char *option_properties = NULL; EVP_MD *message_digest = NULL; EVP_MD_CTX *digest_context = NULL; - unsigned int digest_length; + int digest_length; unsigned char *digest_value = NULL; unsigned char buffer[512]; int ii; diff --git a/demos/http3/ossl-nghttp3.c b/demos/http3/ossl-nghttp3.c index c8c8aa8d42..be781f7198 100644 
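Review bot: The `digest_size <= 0` guard added to BIO_f_md.c has no visible counterpart in the EVP_MD_demo.c and EVP_MD_stdin.c hunks, which only change `digest_length` from `unsigned int` to `int`. If those demos likewise feed the result of EVP_MD_get_size() into an allocation or buffer length (not visible here), a negative return would now be converted to a very large size rather than rejected; the same check, `if (digest_length <= 0) { fprintf(stderr, "EVP_MD_get_size returned invalid size.\n"); goto cleanup; }`, belongs after their EVP_MD_get_size() calls. In BIO_f_md.c the `(unsigned long)digest_size` cast in the allocation-failure message is only well-defined because the new guard precedes it; a short comment on the guard saying it also protects that cast would help the next reader. The enclosing main() bodies extend beyond each hunk.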
--- a/demos/http3/ossl-nghttp3.c +++ b/demos/http3/ossl-nghttp3.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/demos/keyexch/Makefile b/demos/keyexch/Makefile index f8018a13df..f69562e335 100644 --- a/demos/keyexch/Makefile +++ b/demos/keyexch/Makefile @@ -4,7 +4,7 @@ # # LD_LIBRARY_PATH=../.. ./x25519 -TESTS = x25519 +TESTS = x25519 ecdh CFLAGS = -I../../include -g -Wall LDFLAGS = -L../.. @@ -13,7 +13,10 @@ LDLIBS = -lcrypto all: $(TESTS) x25519: x25519.o - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS) +ecdh: ecdh.o + +$(TESTS): + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LDLIBS) clean: $(RM) *.o $(TESTS) diff --git a/demos/keyexch/ecdh.c b/demos/keyexch/ecdh.c new file mode 100644 index 0000000000..908fc4cd45 --- /dev/null +++ b/demos/keyexch/ecdh.c 
@@ -0,0 +1,221 @@ +/* + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include + +/* + * This is a demonstration of key exchange using ECDH. + * + * EC key exchange requires 2 parties (peers) to first agree on shared group + * parameters (the EC curve name). Each peer then generates a public/private + * key pair using the shared curve name. Each peer then gives their public key + * to the other peer. A peer can then derive the same shared secret using their + * private key and the other peers public key. + */ + +/* Object used to store information for a single Peer */ +typedef struct peer_data_st { + const char *name; /* name of peer */ + const char *curvename; /* The shared curve name */ + EVP_PKEY *priv; /* private keypair */ + EVP_PKEY *pub; /* public key to send to other peer */ + unsigned char *secret; /* allocated shared secret buffer */ + size_t secretlen; +} PEER_DATA; + +/* + * The public key needs to be given to the other peer + * The following code extracts the public key data from the private key + * and then builds an EVP_KEY public key. 
+ */ +static int get_peer_public_key(PEER_DATA *peer, OSSL_LIB_CTX *libctx) +{ + int ret = 0; + EVP_PKEY_CTX *ctx; + OSSL_PARAM params[3]; + unsigned char pubkeydata[256]; + size_t pubkeylen; + + /* Get the EC encoded public key data from the peers private key */ + if (!EVP_PKEY_get_octet_string_param(peer->priv, OSSL_PKEY_PARAM_PUB_KEY, + pubkeydata, sizeof(pubkeydata), + &pubkeylen)) + return 0; + + /* Create a EC public key from the public key data */ + ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL); + if (ctx == NULL) + return 0; + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + (char *)peer->curvename, 0); + params[1] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY, + pubkeydata, pubkeylen); + params[2] = OSSL_PARAM_construct_end(); + ret = EVP_PKEY_fromdata_init(ctx) > 0 + && (EVP_PKEY_fromdata(ctx, &peer->pub, EVP_PKEY_PUBLIC_KEY, + params) > 0); + EVP_PKEY_CTX_free(ctx); + return ret; +} + +static int create_peer(PEER_DATA *peer, OSSL_LIB_CTX *libctx) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM params[2]; + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + (char *)peer->curvename, 0); + params[1] = OSSL_PARAM_construct_end(); + + ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL); + if (ctx == NULL) + return 0; + + if (EVP_PKEY_keygen_init(ctx) <= 0 + || !EVP_PKEY_CTX_set_params(ctx, params) + || EVP_PKEY_generate(ctx, &peer->priv) <= 0 + || !get_peer_public_key(peer, libctx)) { + EVP_PKEY_free(peer->priv); + peer->priv = NULL; + goto err; + } + ret = 1; +err: + EVP_PKEY_CTX_free(ctx); + return ret; +} + +static void destroy_peer(PEER_DATA *peer) +{ + EVP_PKEY_free(peer->priv); + EVP_PKEY_free(peer->pub); +} + +static int generate_secret(PEER_DATA *peerA, EVP_PKEY *peerBpub, + OSSL_LIB_CTX *libctx) +{ + unsigned char *secret = NULL; + size_t secretlen = 0; + EVP_PKEY_CTX *derivectx; + + /* Create an EVP_PKEY_CTX that contains peerA's private key */ + derivectx = 
EVP_PKEY_CTX_new_from_pkey(libctx, peerA->priv, NULL); + if (derivectx == NULL) + return 0; + + if (EVP_PKEY_derive_init(derivectx) <= 0) + goto cleanup; + /* Set up peerB's public key */ + if (EVP_PKEY_derive_set_peer(derivectx, peerBpub) <= 0) + goto cleanup; + + /* + * For backwards compatibility purposes the OpenSSL ECDH provider supports + * optionally using a X963KDF to expand the secret data. This can be done + * with code similar to the following. + * + * OSSL_PARAM params[5]; + * size_t outlen = 128; + * unsigned char ukm[] = { 1, 2, 3, 4 }; + * params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, + * "X963KDF", 0); + * params[1] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, + * "SHA256", 0); + * params[2] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, + * &outlen); + * params[3] = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, + * ukm, sizeof(ukm)); + * params[4] = OSSL_PARAM_construct_end(); + * if (!EVP_PKEY_CTX_set_params(derivectx, params)) + * goto cleanup; + * + * Note: After the secret is generated below, the peer could alternatively + * pass the secret to a KDF to derive additional key data from the secret. + * See demos/kdf/hkdf.c for an example (where ikm is the secret key) + */ + + /* Calculate the size of the secret and allocate space */ + if (EVP_PKEY_derive(derivectx, NULL, &secretlen) <= 0) + goto cleanup; + secret = (unsigned char *)OPENSSL_malloc(secretlen); + if (secret == NULL) + goto cleanup; + + /* + * Derive the shared secret. In this example 32 bytes are generated. + * For EC curves the secret size is related to the degree of the curve + * which is 256 bits for P-256. 
+ */ + if (EVP_PKEY_derive(derivectx, secret, &secretlen) <= 0) + goto cleanup; + peerA->secret = secret; + peerA->secretlen = secretlen; + + printf("Shared secret (%s):\n", peerA->name); + BIO_dump_indent_fp(stdout, peerA->secret, peerA->secretlen, 2); + putchar('\n'); + + return 1; +cleanup: + OPENSSL_free(secret); + EVP_PKEY_CTX_free(derivectx); + return 0; +} + +int main(void) +{ + int ret = EXIT_FAILURE; + /* Initialise the 2 peers that will share a secret */ + PEER_DATA peer1 = {"peer 1", "P-256"}; + PEER_DATA peer2 = {"peer 2", "P-256"}; + /* + * Setting libctx to NULL uses the default library context + * Use OSSL_LIB_CTX_new() to create a non default library context + */ + OSSL_LIB_CTX *libctx = NULL; + + /* Each peer creates a (Ephemeral) keypair */ + if (!create_peer(&peer1, libctx) + || !create_peer(&peer2, libctx)) { + fprintf(stderr, "Create peer failed\n"); + goto cleanup; + } + + /* + * Each peer uses its private key and the other peers public key to + * derive a shared secret + */ + if (!generate_secret(&peer1, peer2.pub, libctx) + || !generate_secret(&peer2, peer1.pub, libctx)) { + fprintf(stderr, "Generate secrets failed\n"); + goto cleanup; + } + + /* For illustrative purposes demonstrate that the derived secrets are equal */ + if (peer1.secretlen != peer2.secretlen + || CRYPTO_memcmp(peer1.secret, peer2.secret, peer1.secretlen) != 0) { + fprintf(stderr, "Derived secrets do not match\n"); + goto cleanup; + } else { + fprintf(stdout, "Derived secrets match\n"); + } + + ret = EXIT_SUCCESS; +cleanup: + if (ret != EXIT_SUCCESS) + ERR_print_errors_fp(stderr); + destroy_peer(&peer2); + destroy_peer(&peer1); + return ret; +} diff --git a/demos/sslecho/main.c b/demos/sslecho/main.c index 20b018c7a1..3114dcfcde 100644 --- a/demos/sslecho/main.c +++ b/demos/sslecho/main.c 
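Review bot: generate_secret leaks `derivectx` on the success path: `return 1;` is reached before the `cleanup:` label that frees it, so every successful derivation leaks an EVP_PKEY_CTX. The derived secret buffers are never released either: destroy_peer frees only `priv` and `pub`, and main never touches `peer1.secret`/`peer2.secret`, so the shared key material stays in heap memory until exit. Route the success path through the same cleanup with a `ret` flag, and free the secret in destroy_peer with OPENSSL_clear_free() so the key bytes are wiped as well as released. Both functions lie entirely within the hunk.
```c
static void destroy_peer(PEER_DATA *peer)
{
    EVP_PKEY_free(peer->priv);
    EVP_PKEY_free(peer->pub);
    /* Wipe the derived key material, not merely release it */
    OPENSSL_clear_free(peer->secret, peer->secretlen);
    peer->secret = NULL;
    peer->secretlen = 0;
}

static int generate_secret(PEER_DATA *peerA, EVP_PKEY *peerBpub,
                           OSSL_LIB_CTX *libctx)
{
    int ret = 0;
    /* ... unchanged: locals, ctx setup, set_peer, sizing and allocation ... */
    if (EVP_PKEY_derive(derivectx, secret, &secretlen) <= 0)
        goto cleanup;
    peerA->secret = secret;
    peerA->secretlen = secretlen;
    secret = NULL;              /* ownership moved to peerA */
    /* ... unchanged: print the secret ... */
    ret = 1;
cleanup:
    OPENSSL_free(secret);       /* NULL once ownership has moved */
    EVP_PKEY_CTX_free(derivectx);
    return ret;
}
```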
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt index 78ab97b419..82ce502a1d 100644 --- a/doc/HOWTO/certificates.txt +++ b/doc/HOWTO/certificates.txt @@ -89,7 +89,7 @@ was kind enough, your certificate is a raw DER thing in PEM format. Your key most definitely is if you have followed the examples above. However, some (most?) certificate authorities will encode them with things like PKCS7 or PKCS12, or something else. Depending on your -applications, this may be perfectly OK, it all depends on what they +applications, this may be perfectly OK. It all depends on what they know how to decode. If not, there are a number of OpenSSL tools to convert between some (most?) formats. diff --git a/doc/README.md b/doc/README.md index 12bb37ddb8..d999b0262b 100644 --- a/doc/README.md +++ b/doc/README.md @@ -6,10 +6,6 @@ README.md This file [fingerprints.txt](fingerprints.txt) PGP fingerprints of authorised release signers -standards.txt -standards.txt - Moved to the web, - [HOWTO/](HOWTO/) A few how-to documents; not necessarily up-to-date @@ -27,4 +23,4 @@ standards.txt Algorithm specific EVP_PKEY documentation. Formatted versions of the manpages (apps,ssl,crypto) can be found at - + diff --git a/doc/build.info b/doc/build.info index b4815fcf23..253a89df9b 100644 --- a/doc/build.info +++ b/doc/build.info 
@@ -2735,6 +2735,10 @@ DEPEND[html/man3/SSL_set_session.html]=man3/SSL_set_session.pod GENERATE[html/man3/SSL_set_session.html]=man3/SSL_set_session.pod DEPEND[man/man3/SSL_set_session.3]=man3/SSL_set_session.pod GENERATE[man/man3/SSL_set_session.3]=man3/SSL_set_session.pod +DEPEND[html/man3/SSL_set_session_secret_cb.html]=man3/SSL_set_session_secret_cb.pod +GENERATE[html/man3/SSL_set_session_secret_cb.html]=man3/SSL_set_session_secret_cb.pod +DEPEND[man/man3/SSL_set_session_secret_cb.3]=man3/SSL_set_session_secret_cb.pod +GENERATE[man/man3/SSL_set_session_secret_cb.3]=man3/SSL_set_session_secret_cb.pod DEPEND[html/man3/SSL_set_shutdown.html]=man3/SSL_set_shutdown.pod GENERATE[html/man3/SSL_set_shutdown.html]=man3/SSL_set_shutdown.pod DEPEND[man/man3/SSL_set_shutdown.3]=man3/SSL_set_shutdown.pod @@ -3615,6 +3619,7 @@ html/man3/SSL_set_fd.html \ html/man3/SSL_set_incoming_stream_policy.html \ html/man3/SSL_set_retry_verify.html \ html/man3/SSL_set_session.html \ +html/man3/SSL_set_session_secret_cb.html \ html/man3/SSL_set_shutdown.html \ html/man3/SSL_set_verify_result.html \ html/man3/SSL_shutdown.html \ @@ -4260,6 +4265,7 @@ man/man3/SSL_set_fd.3 \ man/man3/SSL_set_incoming_stream_policy.3 \ man/man3/SSL_set_retry_verify.3 \ man/man3/SSL_set_session.3 \ +man/man3/SSL_set_session_secret_cb.3 \ man/man3/SSL_set_shutdown.3 \ man/man3/SSL_set_verify_result.3 \ man/man3/SSL_shutdown.3 \ 
@@ -4701,6 +4707,10 @@ DEPEND[html/man7/OSSL_PROVIDER-null.html]=man7/OSSL_PROVIDER-null.pod GENERATE[html/man7/OSSL_PROVIDER-null.html]=man7/OSSL_PROVIDER-null.pod DEPEND[man/man7/OSSL_PROVIDER-null.7]=man7/OSSL_PROVIDER-null.pod GENERATE[man/man7/OSSL_PROVIDER-null.7]=man7/OSSL_PROVIDER-null.pod +DEPEND[html/man7/OSSL_STORE-winstore.html]=man7/OSSL_STORE-winstore.pod +GENERATE[html/man7/OSSL_STORE-winstore.html]=man7/OSSL_STORE-winstore.pod +DEPEND[man/man7/OSSL_STORE-winstore.7]=man7/OSSL_STORE-winstore.pod +GENERATE[man/man7/OSSL_STORE-winstore.7]=man7/OSSL_STORE-winstore.pod DEPEND[html/man7/RAND.html]=man7/RAND.pod GENERATE[html/man7/RAND.html]=man7/RAND.pod DEPEND[man/man7/RAND.7]=man7/RAND.pod @@ -5023,6 +5033,7 @@ html/man7/OSSL_PROVIDER-base.html \ html/man7/OSSL_PROVIDER-default.html \ html/man7/OSSL_PROVIDER-legacy.html \ html/man7/OSSL_PROVIDER-null.html \ +html/man7/OSSL_STORE-winstore.html \ html/man7/RAND.html \ html/man7/RSA-PSS.html \ html/man7/X25519.html \ @@ -5166,6 +5177,7 @@ man/man7/OSSL_PROVIDER-base.7 \ man/man7/OSSL_PROVIDER-default.7 \ man/man7/OSSL_PROVIDER-legacy.7 \ man/man7/OSSL_PROVIDER-null.7 \ +man/man7/OSSL_STORE-winstore.7 \ man/man7/RAND.7 \ man/man7/RSA-PSS.7 \ man/man7/X25519.7 \ diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt index 9a26f7c667..bdcad14723 100644 --- a/doc/fingerprints.txt +++ b/doc/fingerprints.txt @@ -12,8 +12,8 @@ in the file named openssl-1.0.1h.tar.gz.asc. The following is the list of fingerprints for the keys that are currently in use to sign OpenSSL distributions: -OpenSSL OMC: -EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5 +OpenSSL: +BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF Richard Levitte: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C diff --git a/doc/internal/man3/ossl_rcu_lock_new.pod b/doc/internal/man3/ossl_rcu_lock_new.pod index e92bf29165..57b5e4d73d 100644 --- a/doc/internal/man3/ossl_rcu_lock_new.pod +++ b/doc/internal/man3/ossl_rcu_lock_new.pod 
@@ -13,7 +13,7 @@ ossl_rcu_assign_uptr =head1 SYNOPSIS - CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers); + CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx); void ossl_rcu_read_lock(CRYPTO_RCU_LOCK *lock); void ossl_rcu_write_lock(CRYPTO_RCU_LOCK *lock); void ossl_rcu_write_unlock(CRYPTO_RCU_LOCK *lock); @@ -65,7 +65,8 @@ ossl_rcu_lock_new() allocates a new RCU lock. The I param indicates the number of write side threads which may execute ossl_synchronize_rcu() in parallel. The value must be at least 1, but may be larger to obtain increased write side throughput at the cost of additional -internal memory usage. A value of 1 is generally recommended. +internal memory usage. A value of 1 is generally recommended. The I +parameter references the library context in which the lock is allocated. =item * @@ -248,7 +249,7 @@ L, L. =head1 COPYRIGHT -Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index fe09f85c2c..51a8c6c873 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -177,7 +177,8 @@ See L for details. =item B<-sigopt> I:I Pass options to the signature algorithm during sign operations. -Names and values of these options are algorithm-specific. +Names and values of these options are algorithm-specific and +documented in L. =item B<-vfyopt> I:I @@ -711,7 +712,7 @@ A sample configuration file with the relevant sections for this command: default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL - default_md = md5 # md to use + default_md = sha256 # md to use policy = policy_any # default policy email_in_dn = no # Don't add the email into cert DN 
@@ -852,7 +853,7 @@ L =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in index e5aa220d74..a84d2daff5 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in @@ -804,7 +804,7 @@ OpenSSL 3.2.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index d4228d8f84..3bc6c55413 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -414,6 +414,12 @@ The file where any newly enrolled certificate should be saved. =item B<-chainout> I The file where the chain of any newly enrolled certificate should be saved. +This chain excludes the leaf certificate, i.e., the newly enrolled certificate. +Also the trust anchor (the root certificate) is not included. + +If the B<-certout> option is given, too, with equal I argument, +then the file produced contains both outputs concatenated: +the newly enrolled certificate followed by its chain. =back @@ -487,6 +493,7 @@ Reason numbers defined in RFC 5280 are: The I domain name or IP address and optionally I of the CMP server to connect to using HTTP(S). IP address may be for v4 or v6, such as C<127.0.0.1> or C<[::1]> for localhost. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. This option excludes I<-port> and I<-use_mock_srv>. It is ignored if I<-rspin> is given with enough filename arguments. 
@@ -501,6 +508,7 @@ If a path is included it provides the default value for the B<-path> option. The HTTP(S) proxy server to use for reaching the CMP server unless B<-no_proxy> applies, see below. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. The proxy port defaults to 80 or 443 if the scheme is C; apart from that the optional C or C prefix is ignored (note that using TLS may be required by B<-tls_used> or B<-server> with the prefix C), @@ -1044,7 +1052,7 @@ If the transaction contains more requests, the remaining ones are not saved. =item B<-reqout_only> I Save the first CMP requests created by the client to the given file and exit. -Any options related to CMP servers and their reponses are ignored. +Any options related to CMP servers and their responses are ignored. This option is useful for supporting offline scenarios where the certificate request (or any other CMP request) is produced beforehand and sent out later. @@ -1442,7 +1450,7 @@ The B<-profile> option was added in OpenSSL 3.3. =head1 COPYRIGHT -Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 78be2e6c09..1360de7849 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -192,6 +192,10 @@ to the output file. Verify signed data. Expects a signed data on input and outputs the signed data. Both clear text and opaque signing is supported. +By default, validation of signer certificates and their chain +is done w.r.t. the S/MIME signing (C) purpose. +For details see L. + =item B<-resign> Resign a message: take an existing message and one or more new signers. 
@@ -385,7 +389,8 @@ See L for details. =item B<-originator> I A certificate of the originator of the encrypted message. Necessary for -decryption when Key Agreement is in use for a shared key. +decryption when Key Agreement is in use for a shared key. Currently, not +allowed for encryption. =item B<-recip> I @@ -915,7 +920,7 @@ The B<-digest> option was added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-crl.pod.in b/doc/man1/openssl-crl.pod.in index 7e15f6445a..4327b6157b 100644 --- a/doc/man1/openssl-crl.pod.in +++ b/doc/man1/openssl-crl.pod.in @@ -93,7 +93,12 @@ Print out the CRL in text form. =item B<-verify> -Verify the signature in the CRL. +Verify the signature in the CRL. If the verification fails, +the program will immediately exit, i.e. further option processing +(e.g. B<-gendelta>) is skipped. + +This option is implicitly enabled if any of B<-CApath>, B<-CAfile> +or B<-CAstore> is specified. =item B<-noout> @@ -160,9 +165,13 @@ L, L, L +=head1 HISTORY + +Since OpenSSL 3.3, the B<-verify> option will exit with 1 on failure. + =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-dgst.pod.in b/doc/man1/openssl-dgst.pod.in index 5dcdbe548e..e50fa55d7b 100644 --- a/doc/man1/openssl-dgst.pod.in +++ b/doc/man1/openssl-dgst.pod.in 
@@ -126,7 +126,8 @@ See L for details. =item B<-sigopt> I:I Pass options to the signature algorithm during sign or verify operations. -Names and values of these options are algorithm-specific. +Names and values of these options are algorithm-specific and documented +in L. =item B<-passin> I @@ -278,7 +279,7 @@ The B<-engine> and B<-engine_impl> options were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in index 14066a3185..33fe72d282 100644 --- a/doc/man1/openssl-enc.pod.in +++ b/doc/man1/openssl-enc.pod.in @@ -98,13 +98,19 @@ Base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted. +When the B<-A> option not given, +on encoding a newline is inserted after each 64 characters, and +on decoding a newline is expected among the first 1024 bytes of input. + =item B<-base64> Same as B<-a> =item B<-A> -If the B<-a> option is set then base64 process the data on one line. +If the B<-a> option is set then base64 encoding produces output without any +newline character, and base64 decoding does not require any newlines. +Therefore it can be helpful to use the B<-A> option when decoding unknown input. =item B<-k> I 
@@ -463,6 +469,9 @@ or =head1 BUGS The B<-A> option when used with large files doesn't work properly. +On the other hand, when base64 decoding without the B<-A> option, +if the first 1024 bytes of input do not include a newline character +the first two lines of input are ignored. The B command only supports a fixed number of algorithms with certain parameters. So if, for example, you want to use RC2 with a @@ -480,7 +489,7 @@ The B<-saltlen> option was added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index b1768b7f91..54ad22d444 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -278,6 +278,20 @@ L, L, L +=head1 HISTORY + +The B application was added in OpenSSL 3.0. + +The following options were added in OpenSSL 3.1: + +B<-ems_check>, +B<-self_test_oninstall> + +The following options were added in OpenSSL 3.2: + +B<-pedantic>, +B<-no_drbg_truncated_digests> + =head1 COPYRIGHT Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-genpkey.pod.in b/doc/man1/openssl-genpkey.pod.in index aab4ef84d7..32966fcd0c 100644 --- a/doc/man1/openssl-genpkey.pod.in +++ b/doc/man1/openssl-genpkey.pod.in @@ -512,7 +512,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man1/openssl-mac.pod.in b/doc/man1/openssl-mac.pod.in index 9a656fe117..5d6008f002 100644 --- a/doc/man1/openssl-mac.pod.in +++ b/doc/man1/openssl-mac.pod.in @@ -169,7 +169,7 @@ L =head1 COPYRIGHT -Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-namedisplay-options.pod b/doc/man1/openssl-namedisplay-options.pod index a12f4dbf66..f16a582021 100644 --- a/doc/man1/openssl-namedisplay-options.pod +++ b/doc/man1/openssl-namedisplay-options.pod @@ -18,8 +18,10 @@ displayed. This is specified by using the B<-nameopt> option, which takes a comma-separated list of options from the following set. An option may be preceded by a minus sign, C<->, to turn it off. -The default value is C. -The first four are the most commonly used. +The first four option arguments are the most commonly used. + +The default value is +C. =head1 OPTIONS diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in index 29fbd3d04f..b497424ef9 100644 --- a/doc/man1/openssl-ocsp.pod.in +++ b/doc/man1/openssl-ocsp.pod.in @@ -31,7 +31,7 @@ B B [B<-url> I] [B<-host> I:I] [B<-path> I] -[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>] +[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>] [B<-no_proxy> I] [B<-header>] [B<-timeout> I] @@ -168,7 +168,7 @@ with B<-serial>, B<-cert> and B<-host> options). =item B<-url> I Specify the responder host and optionally port and path via a URL. - Both HTTP and HTTPS (SSL/TLS) URLs can be specified. +Both HTTP and HTTPS (SSL/TLS) URLs can be specified. The optional userinfo and fragment components are ignored. Any given query component is handled as part of the path component. For details, see the B<-host> and B<-path> options described next. 
@@ -179,17 +179,20 @@ If the B<-host> option is present then the OCSP request is sent to the host I on port I. The I may be a domain name or an IP (v4 or v6) address, such as C<127.0.0.1> or C<[::1]> for localhost. +If it is an IPv6 address, it must be enclosed in C<[> and C<]>. + The B<-path> option specifies the HTTP pathname to use or "/" by default. This is equivalent to specifying B<-url> with scheme http:// and the given I, I, and optional I. -=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]> +=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]> The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy> applies, see below. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. The proxy port defaults to 80 or 443 if the scheme is C; apart from that the optional C or C prefix is ignored, -as well as any userinfo and path components. +as well as any userinfo, path, query, and fragment components. Defaults to the environment variable C if set, else C in case no TLS is used, otherwise C if set, else C. diff --git a/doc/man1/openssl-passphrase-options.pod b/doc/man1/openssl-passphrase-options.pod index abc43fb41e..2260dce8a6 100644 --- a/doc/man1/openssl-passphrase-options.pod +++ b/doc/man1/openssl-passphrase-options.pod 
@@ -46,26 +46,32 @@ the environment of other processes is visible on certain platforms =item BI -The first line of I is the password. If the same I -argument is supplied to B<-passin> and B<-passout> arguments then the first -line will be used for the input password and the next line for the output -password. I need not refer to a regular file: it could for example -refer to a device or named pipe. +Reads the password from the specified file I, which can be a regular +file, device, or named pipe. Only the first line, up to the newline character, +is read from the stream. + +If the same I argument is supplied to both B<-passin> and B<-passout> +arguments, the first line will be used for the input password, and the next +line will be used for the output password. =item BI -Read the password from the file descriptor I. This can be used to -send the data via a pipe for example. +Reads the password from the file descriptor I. This can be useful for +sending data via a pipe, for example. The same line handling as described for +B applies to passwords read from file descriptors. + +B is not supported on Windows. =item B -Read the password from standard input. +Reads the password from standard input. The same line handling as described for +B applies to passwords read from standard input. =back =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 50c2030aa3..56ff7d8fc9 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in 
@@ -44,6 +44,8 @@ B B This command can be used to perform low-level public key operations using any supported algorithm. +By default the signing operation (see B<-sign> option) is assumed. + =head1 OPTIONS =over 4 
@@ -59,20 +61,29 @@ if this option is not specified. =item B<-rawin> -This indicates that the input data is raw data, which is not hashed by any -message digest algorithm. The user can specify a digest algorithm by using -the B<-digest> option. This option can only be used with B<-sign> and -B<-verify> and must be used with the Ed25519 and Ed448 algorithms. +This indicates that the signature or verification input data is raw data, +which is not hashed by any message digest algorithm. +Except with EdDSA, +the user can specify a digest algorithm by using the B<-digest> option. +For signature algorithms like RSA, DSA and ECDSA, +the default digest algorithm is SHA-256. For SM2, it is SM3. + +This option can only be used with B<-sign> and B<-verify>. +For EdDSA (the Ed25519 and Ed448 algorithms) this option is required. =item B<-digest> I -This specifies the digest algorithm which is used to hash the input data before -signing or verifying it with the input key. This option could be omitted if the -signature algorithm does not require one (for instance, EdDSA). If this option -is omitted but the signature algorithm requires one, a default value will be -used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the -default digest algorithm. For SM2, it will be SM3. If this option is present, -then the B<-rawin> option must be also specified. +This option can only be used with B<-sign> and B<-verify>. +It specifies the digest algorithm that is used to hash the input data +before signing or verifying it with the input key. This option could be omitted +if the signature algorithm does not require preprocessing the input through +a pluggable hash function before signing (for instance, EdDSA). If this option +is omitted but the signature algorithm requires one and the B<-rawin> option +is given, a default value will be used (see B<-rawin> for details). +If this option is present, then the B<-rawin> option is required. 
+ +At this time, HashEdDSA (the ph or "prehash" variant of EdDSA) is not supported, +so the B<-digest> option cannot be used with EdDSA. =item B<-out> I @@ -81,7 +92,7 @@ default. =item B<-sigfile> I -Signature file, required for B<-verify> operations only +Signature file, required and allowed for B<-verify> operations only =item B<-inkey> I|I 
@@ -119,21 +130,42 @@ The input is a certificate containing a public key. =item B<-rev> Reverse the order of the input buffer. This is useful for some libraries -(such as CryptoAPI) which represent the buffer in little endian format. +(such as CryptoAPI) which represent the buffer in little-endian format. +This cannot be used in conjunction with B<-rawin>. =item B<-sign> -Sign the input data (which must be a hash) and output the signed result. This -requires a private key. +Sign the input data and output the signed result. This requires a private key. +Using a message digest operation along with this is recommended, +when applicable, see the B<-rawin> and B<-digest> options for details. +Otherwise, the input data given with the B<-in> option is assumed to already +be a digest, but this may then require an additional B<-pkeyopt> CI +in some cases (e.g., RSA with the default PKCS#1 padding mode). +Even for other algorithms like ECDSA, where the additional B<-pkeyopt> option +does not affect signature output, it is recommended, as it enables +checking that the input length is consistent with the intended digest. =item B<-verify> -Verify the input data (which must be a hash) against the signature file and -indicate if the verification succeeded or failed. +Verify the input data against the signature given with the B<-sigfile> option +and indicate if the verification succeeded or failed. +The input data given with the B<-in> option is assumed to be a hash value +unless the B<-rawin> option is specified or implied. +With raw data, when a digest algorithm is applicable, though it may be inferred +from the signature or take a default value, it should also be specified. =item B<-verifyrecover> -Verify the input data (which must be a hash) and output the recovered data. +Verify the given signature and output the recovered data (signature payload). 
+For example, in case of RSA PKCS#1 the recovered data is the B +DER encoding of the digest algorithm OID and value as specified in +L. + +Note that here the input given with the B<-in> option is not a signature input +(as with the B<-sign> and B<-verify> options) but a signature output value, +typically produced using the B<-sign> option. + +This option is available only for use with RSA keys. =item B<-encrypt> @@ -177,8 +209,9 @@ hex dump the output data. =item B<-asn1parse> -Parse the ASN.1 output data, this is useful when combined with the -B<-verifyrecover> option when an ASN1 structure is signed. +Parse the ASN.1 output data to check its DER encoding and print any errors. +When combined with the B<-verifyrecover> option, this may be useful only in case +an ASN.1 DER-encoded structure had been signed directly (without hashing it). {- $OpenSSL::safe::opt_engine_item -} @@ -202,8 +235,8 @@ engine I for crypto operations. The operations and options supported vary according to the key algorithm and its implementation. The OpenSSL operations and options are indicated below. -Unless otherwise mentioned all algorithms support the BI option -which specifies the digest in use for sign, verify and verifyrecover operations. +Unless otherwise mentioned, all algorithms support the BI option, +which specifies the digest in use for the signing and verification operations. The value I should represent a digest name as used in the EVP_get_digestbyname() function for example B. This value is not used to hash the input data. It is used (by some algorithms) for sanity-checking the diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index c2232006e5..f85cafff22 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in 
@@ -148,7 +148,9 @@ Prints out the value of the modulus of the public key contained in the request. =item B<-verify> -Verifies the self-signature on the request. +Verifies the self-signature on the request. If the verification fails, +the program will immediately exit, i.e. further option processing +(e.g. B<-text>) is skipped. =item B<-new> @@ -495,16 +497,29 @@ any digest that has been set. =item B This option masks out the use of certain string types in certain -fields. Most users will not need to change this option. +fields. Most users will not need to change this option. It can be set to +several values: -It can be set to several values B which is also the default -option uses PrintableStrings, T61Strings and BMPStrings if the -B value is used then only PrintableStrings and BMPStrings will -be used. This follows the PKIX recommendation in RFC2459. If the -B option is used then only UTF8Strings will be used: this -is the PKIX recommendation in RFC2459 after 2003. Finally the B -option just uses PrintableStrings and T61Strings: certain software has -problems with BMPStrings and UTF8Strings: in particular Netscape. +=over 4 + +=item B +- only UTF8Strings are used (this is the default value) + +=item B +- any string type except T61Strings + +=item B +- any string type except BMPStrings and UTF8Strings + +=item B +- any kind of string type + +=back + +Note that B is the PKIX recommendation in RFC2459 after 2003, and the +default B; B is not the default option. The B +value is a workaround for some software that has problems with variable-sized +BMPStrings and UTF8Strings. =item B @@ -648,7 +663,7 @@ Sample configuration file prompting for field values: attributes = req_attributes req_extensions = v3_ca - dirstring_type = nobmp + dirstring_type = nombstr [ req_distinguished_name ] countryName = Country Name (2 letter code) 
@@ -792,9 +807,11 @@ Since OpenSSL 3.2, generated certificates bear X.509 version 3 unless B<-x509v1> is given, and key identifier extensions are included by default. +Since OpenSSL 3.3, the B<-verify> option will exit with 1 on failure. + =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 032edb2a36..60b21bbffe 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -10,11 +10,11 @@ openssl-s_client - SSL/TLS client program B B [B<-help>] [B<-ssl_config> I
] -[B<-connect> I] +[B<-connect> I:I] [B<-host> I] [B<-port> I] -[B<-bind> I] -[B<-proxy> I] +[B<-bind> I:I] +[B<-proxy> I:I] [B<-proxy_user> I] [B<-proxy_pass> I] [B<-unix> I] @@ -168,6 +168,7 @@ This specifies the host and optional port to connect to. It is possible to select the host and port using the optional target positional argument instead. If neither this nor the target positional argument are specified then an attempt is made to connect to the local host on port 4433. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. =item B<-host> I @@ -177,17 +178,19 @@ Host to connect to; use B<-connect> instead. Connect to the specified port; use B<-connect> instead. -=item B<-bind> I +=item B<-bind> I:I This specifies the host address and or port to bind as the source for the connection. For Unix-domain sockets the port is ignored and the host is used as the source socket address. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. -=item B<-proxy> I +=item B<-proxy> I:I When used with the B<-connect> flag, the program uses the host and port specified with this flag and issues an HTTP CONNECT command to connect to the desired server. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. =item B<-proxy_user> I @@ -276,7 +279,9 @@ See L for details. =item B<-crl_download> -Download CRL from distribution points in the certificate. +Download CRL from distribution points in the certificate. Note that this option +is ignored if B<-crl_check> option is not provided. Note that the maximum size +of CRL is limited by L function. =item B<-key> I|I 
@@ -298,14 +303,20 @@ see L. The verify depth to use. This specifies the maximum length of the server certificate chain and turns on server certificate verification. -Currently the verify operation continues after errors so all the problems +Unless the B<-verify_return_error> option is given, +the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure. +By default, validation of server certificates and their chain +is done w.r.t. the (D)TLS Server (C) purpose. +For details see L. + =item B<-verify_return_error> -Return verification errors instead of continuing. This will typically -abort the handshake with a fatal error. +Turns on server certificate verification, like with B<-verify>, +but returns verification errors instead of continuing. +This will typically abort the handshake with a fatal error. =item B<-verify_quiet> @@ -656,7 +667,11 @@ For example strings, see L =item B<-curves> I Specifies the list of supported curves to be sent by the client. The curve is -ultimately selected by the server. For a list of all curves, use: +ultimately selected by the server. + +The list of all supported groups includes named EC parameters as well as X25519 +and X448 or FFDHE groups, and may also include groups implemented in 3rd-party +providers. For a list of named EC parameters, use: $ openssl ecparam -list_curves @@ -861,10 +876,11 @@ or may request a certificate. =item I:I -Rather than providing B<-connect>, the target hostname and optional port may +Rather than providing B<-connect>, the target host and optional port may be provided as a single positional argument after all options. If neither this nor B<-connect> are provided, falls back to attempting to connect to I on port I<4433>. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. =back 
@@ -1003,6 +1019,51 @@ option: any verify errors are then returned aborting the handshake. The B<-bind> option may be useful if the server or a firewall requires connections to come from some particular address and or port. +=head2 Note on Non-Interactive Use + +When B is run in a non-interactive environment (e.g., a cron job or +a script without a valid I), it may close the connection prematurely, +especially with TLS 1.3. To prevent this, you can use the B<-ign_eof> flag, +which keeps B running even after reaching EOF from I. + +For example: + + openssl s_client -connect :443 -tls1_3 + -sess_out /path/to/tls_session_params_file + -ign_eof can lead to issues if the server keeps +the connection open, expecting the client to close first. In such cases, the +client may hang indefinitely. This behavior is not uncommon, particularly with +protocols where the server waits for a graceful disconnect from the client. + +For example, when connecting to an SMTP server, the session may pause if the +server expects a QUIT command before closing: + + $ openssl s_client -brief -ign_eof -starttls smtp + -connect :25 :25 + -starttls smtp -brief -ign_eof + +Similarly, for HTTP/1.1 connections, including a `Connection: close` header +ensures the server closes the connection after responding: + + printf 'GET / HTTP/1.1\r\nHost: \r\nConnection: close\r\n\r\n' + | openssl s_client -connect :443 -brief + +These approaches help manage the connection closure gracefully and prevent +hangs caused by the server waiting for the client to initiate the disconnect. + =head1 BUGS Because this program has a lot of options and also because some of the 
@@ -1044,7 +1105,7 @@ options were added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 268eca066b..7b25b96895 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -75,7 +75,7 @@ B B [B<-status>] [B<-status_verbose>] [B<-status_timeout> I] -[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>] +[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>] [B<-no_proxy> I] [B<-status_url> I] [B<-status_file> I] @@ -212,6 +212,10 @@ must supply a certificate or an error occurs. If the cipher suite cannot request a client certificate (for example an anonymous cipher suite or PSK) this option has no effect. +By default, validation of any supplied client certificate and its chain +is done w.r.t. the (D)TLS Client (C) purpose. +For details see L. + =item B<-cert> I The certificate to use, most servers cipher suites require the use of a 
@@ -522,13 +526,14 @@ certificate signer that is required for certificate status requests. Sets the timeout for OCSP response to I seconds. -=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]> +=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]> The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy> applies, see below. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. The proxy port defaults to 80 or 443 if the scheme is C; apart from that the optional C or C prefix is ignored, -as well as any userinfo and path components. +as well as any userinfo, path, query, and fragment components. Defaults to the environment variable C if set, else C in case no TLS is used, otherwise C if set, else C. @@ -671,7 +676,10 @@ Signature algorithms to support for client certificate authentication =item B<-named_curve> I Specifies the elliptic curve to use. NOTE: this is single curve, not a list. -For a list of all possible curves, use: + +The list of all supported groups includes named EC parameters as well as X25519 +and X448 or FFDHE groups, and may also include groups implemented in 3rd-party +providers. For a list of named EC parameters, use: $ openssl ecparam -list_curves @@ -1012,7 +1020,7 @@ options were added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-s_time.pod.in b/doc/man1/openssl-s_time.pod.in index 2b82cf1e98..ca41f59362 100644 --- a/doc/man1/openssl-s_time.pod.in +++ b/doc/man1/openssl-s_time.pod.in 
@@ -50,6 +50,7 @@ Print out a usage message. =item B<-connect> I:I This specifies the host and optional port to connect to. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. =item B<-www> I diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in index 655bf18822..79a38e79a9 100644 --- a/doc/man1/openssl-smime.pod.in +++ b/doc/man1/openssl-smime.pod.in @@ -197,14 +197,14 @@ Don't try to verify the signatures on the message. =item B<-nocerts> -When signing a message the signer's certificate is normally included -with this option it is excluded. This will reduce the size of the -signed message but the verifier must have a copy of the signers certificate +When signing a message, the signer's certificate is normally included. +With this option it is excluded. This will reduce the size of the +signed message, but the verifier must have a copy of the signers certificate available locally (passed using the B<-certfile> option for example). =item B<-noattr> -Normally when a message is signed a set of attributes are included which +Normally, when a message is signed, a set of attributes are included which include the signing time and supported symmetric algorithms. With this option they are not included. @@ -245,14 +245,6 @@ used multiple times if more than one signer is required. If a message is being verified then the signers certificates will be written to this file if the verification was successful. -=item B<-nocerts> - -Don't include signers certificate when signing. - -=item B<-noattr> - -Don't include any signed attributes when signing. - =item B<-recip> I The recipients certificate when decrypting a message. This certificate 
@@ -404,9 +396,9 @@ Verify a message and extract the signer's certificate if successful: Send encrypted mail using triple DES: - openssl smime -encrypt -in in.txt -from steve@openssl.org \ + openssl smime -encrypt -in in.txt -out mail.msg -from steve@openssl.org \ -to someone@somewhere -subject "Encrypted message" \ - -des3 user.pem -out mail.msg + -des3 user.pem Sign and encrypt mail: @@ -484,7 +476,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-storeutl.pod.in b/doc/man1/openssl-storeutl.pod.in index f5c461e303..bdae599555 100644 --- a/doc/man1/openssl-storeutl.pod.in +++ b/doc/man1/openssl-storeutl.pod.in @@ -78,6 +78,9 @@ returned. Note that all options must be given before the I argument. +Note I<-keys> selects exclusively private keys, there is no selector for public +keys only. + =item B<-subject> I Search for an object having the subject name I. @@ -136,7 +139,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in index 6f71820202..ecce6df8c7 100644 --- a/doc/man1/openssl-ts.pod.in +++ b/doc/man1/openssl-ts.pod.in 
@@ -163,9 +163,9 @@ use its own default policy. (Optional) =item B<-no_nonce> No nonce is specified in the request if this option is -given. Otherwise a 64 bit long pseudo-random none is -included in the request. It is recommended to use nonce to -protect against replay-attacks. (Optional) +given. Otherwise, a 64-bit long pseudo-random nonce is +included in the request. It is recommended to use a nonce to +protect against replay attacks. (Optional) =item B<-cert> @@ -584,10 +584,12 @@ To verify a timestamp reply that includes the certificate chain: -CAfile cacert.pem To verify a timestamp token against the original data file: + openssl ts -verify -data design2.txt -in design2.tsr \ -CAfile cacert.pem To verify a timestamp token against a message imprint: + openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ -in design2.tsr -CAfile cacert.pem @@ -652,7 +654,7 @@ L =head1 COPYRIGHT -Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod index 05bb560d86..676fbb38a5 100644 --- a/doc/man1/openssl-verification-options.pod +++ b/doc/man1/openssl-verification-options.pod 
@@ -24,8 +24,9 @@ The most important of them are detailed in the following sections. In a nutshell, a valid chain of certificates needs to be built up and verified starting from the I that is to be verified and ending in a certificate that due to some policy is trusted. -Verification is done relative to the given I, which is the intended use -of the target certificate, such as SSL server, or by default for any purpose. +Certificate validation can be performed in the context of a I, which +is a high-level specification of the intended use of the target certificate, +such as C for TLS servers, or (by default) for any purpose. The details of how each OpenSSL command handles errors are documented on the specific command page. 
@@ -150,16 +151,17 @@ the chain components and their links are checked thoroughly. The first step is to check that each certificate is well-formed. Part of these checks are enabled only if the B<-x509_strict> option is given. -The second step is to check the extensions of every untrusted certificate -for consistency with the supplied purpose. -If the B<-purpose> option is not given then no such checks are done -except for SSL/TLS connection setup, -where by default C or C, are checked. -The target or "leaf" certificate, as well as any other untrusted certificates, -must have extensions compatible with the specified purpose. -All certificates except the target or "leaf" must also be valid CA certificates. -The precise extensions required are described in more detail in -L. +The second step is to check the X.509v3 extensions of every certificate +for consistency with the intended specific purpose, if any. +If the B<-purpose> option is not given then no such checks are done except for +CMS signature checking, where by default C is checked, and SSL/(D)TLS +connection setup, where by default C or C are checked. +The X.509v3 extensions of the target or "leaf" certificate +must be compatible with the specified purpose. +All other certificates down the chain are checked to be valid CA certificates, +and possibly also further non-standard checks are performed. +The precise extensions required are described in detail +in the L section below. The third step is to check the trust settings on the last certificate (which typically is a self-signed root CA certificate). @@ -430,7 +432,7 @@ This option may be used multiple times. =item B<-policy> I Enable policy processing and add I to the user-initial-policy-set (see -RFC5280). The policy I can be an object name an OID in numeric form. +RFC5280). The policy I can be an object name or an OID in numeric form. This argument can appear more than once. =item B<-explicit_policy> 
@@ -455,13 +457,16 @@ Set policy variable inhibit-policy-mapping (see RFC5280). =item B<-purpose> I -The intended use for the certificate. -Currently defined purposes are C, C, C, +A high-level specification of the intended use of the target certificate. +Currently predefined purposes are C, C, C, C, C, C, C, C, C and C. If peer certificate verification is enabled, by default the TLS implementation -as well as the commands B and B check for consistency -with TLS server or TLS client use, respectively. +and thus the commands L and L +check for consistency with +TLS server (C) or TLS client use (C), respectively. +By default, CMS signature validation, which can be done via L, +checks for consistency with S/MIME signing use (C). While IETF RFC 5280 says that B and B are only for WWW use, in practice they are used for all kinds of TLS clients 
@@ -491,19 +496,20 @@ the subject certificate. =item B<-verify_name> I -Use default verification policies like trust model and required certificate -policies identified by I. +Use a set of verification parameters, also known as verification method, +identified by I. The currently predefined methods are named C, +C, C with alias C, C, and C. +These mimic the combinations of purpose and trust settings used in SSL/(D)TLS, +CMS/PKCS7 (including S/MIME), and code signing. + +The verification parameters include the trust model, various flags that can +partly be set also via other command-line options, and the verification purpose, +which in turn implies certificate key usage and extended key usage requirements. + The trust model determines which auxiliary trust or reject OIDs are applicable to verifying the given certificate chain. They can be given using the B<-addtrust> and B<-addreject> options for L. -Supported policy names include: B, B, B, -B, B. -These mimics the combinations of purpose and trust settings used in SSL, CMS -and S/MIME. -As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not -specified, so the B<-verify_name> options are functionally equivalent to the -corresponding B<-purpose> settings. =back @@ -548,9 +554,8 @@ This option has no effect and is retained for backward compatibility only. =head2 Certificate Extensions -Options like B<-purpose> lead to checking the certificate extensions, -which determine what the target certificate and intermediate CA certificates -can be used for. +Options like B<-purpose> and B<-verify_name> trigger the processing of specific +certificate extensions, which determine what certificates can be used for. =head3 Basic Constraints 
@@ -574,87 +579,127 @@ keyCertSign bit set if the keyUsage extension is present. =head3 Extended Key Usage -The extKeyUsage (EKU) extension places additional restrictions on the -certificate uses. If this extension is present (whether critical or not) -the key can only be used for the purposes specified. +The extKeyUsage (EKU) extension places additional restrictions on +certificate use. If this extension is present (whether critical or not) +in an end-entity certficiate, the key is allowed only for the uses specified, +while the special EKU B allows for all uses. -A complete description of each check is given below. The comments about +Note that according to RFC 5280 section 4.2.1.12, +the Extended Key Usage extension will appear only in end-entity certificates, +and consequently the standard certification path validation described +in its section 6 does not include EKU checks for CA certificates. +The CA/Browser Forum requires for TLS server, S/MIME, and code signing use +the presence of respective EKUs in subordinate CA certificates (while excluding +them for root CA certificates), while taking over from RFC 5280 +the certificate validity concept and certificate path validation. + +For historic reasons, OpenSSL has its own way of interpreting and checking +EKU extensions on CA certificates, which may change in the future. +It does not require the presence of EKU extensions in CA certificates, +but in case the verification purpose is +C, C, C, C, or C, +it checks that any present EKU extension (that does not contain +B) contains the respective EKU as detailed below. +Moreover, it does these checks even for trust anchor certificates. + +=head3 Checks Implied by Specific Predefined Policies + +A specific description of each check is given below. The comments about basicConstraints and keyUsage and X.509v1 certificates above apply to B CA certificates. 
- =over 4 -=item B +=item B<(D)TLS Client> (C) -The extended key usage extension must be absent or include the "web client -authentication" OID. The keyUsage extension must be absent or it must have the -digitalSignature bit set. The Netscape certificate type must be absent -or it must have the SSL client bit set. +Any given extended key usage extension must allow for C +("TLS WWW client authentication"). -=item B +For target certificates, +the key usage must allow for C and/or C. +The Netscape certificate type must be absent or have the SSL client bit set. -The extended key usage extension must be absent or include the "web client -authentication" OID. -The Netscape certificate type must be absent or it must have the SSL CA bit set. -This is used as a work around if the basicConstraints extension is absent. +For all other certificates the normal CA checks apply. In addition, +the Netscape certificate type must be absent or have the SSL CA bit set. +This is used as a workaround if the basicConstraints extension is absent. -=item B +=item B<(D)TLS Server> (C) -The extended key usage extension must be absent or include the "web server -authentication" and/or one of the SGC OIDs. The keyUsage extension must be -absent or it -must have the digitalSignature, the keyEncipherment set or both bits set. +Any given extended key usage extension must allow for C +("TLS WWW server authentication") and/or include one of the SGC OIDs. + +For target certificates, the key usage must +allow for C, C, and/or C. The Netscape certificate type must be absent or have the SSL server bit set. -=item B +For all other certificates the normal CA checks apply. In addition, +the Netscape certificate type must be absent or have the SSL CA bit set. +This is used as a workaround if the basicConstraints extension is absent. -The extended key usage extension must be absent or include the "web server -authentication" and/or one of the SGC OIDs. 
The Netscape certificate type must -be absent or the SSL CA bit must be set. -This is used as a work around if the basicConstraints extension is absent. +=item B (C) -=item B - -For Netscape SSL clients to connect to an SSL server it must have the -keyEncipherment bit set if the keyUsage extension is present. This isn't +In addition to what has been described for B, for a Netscape +SSL client to connect to an SSL server, its EE certficate must have the +B bit set if the keyUsage extension is present. This isn't always valid because some cipher suites use the key for digital signing. Otherwise it is the same as a normal SSL server. -=item B +=item B -The extended key usage extension must be absent or include the "email -protection" OID. The Netscape certificate type must be absent or should have the -S/MIME bit set. If the S/MIME bit is not set in the Netscape certificate type +Any given extended key usage extension must allow for C. + +For target certificates, +the Netscape certificate type must be absent or should have the S/MIME bit set. +If the S/MIME bit is not set in the Netscape certificate type then the SSL client bit is tolerated as an alternative but a warning is shown. This is because some Verisign certificates don't set the S/MIME bit. -=item B +For all other certificates the normal CA checks apply. In addition, +the Netscape certificate type must be absent or have the S/MIME CA bit set. +This is used as a workaround if the basicConstraints extension is absent. -In addition to the common S/MIME client tests the digitalSignature bit or -the nonRepudiation bit must be set if the keyUsage extension is present. +=item B (C) -=item B +In addition to the common S/MIME checks, for target certficiates +the key usage must allow for C and/or B. -In addition to the common S/MIME tests the keyEncipherment bit must be set -if the keyUsage extension is present. 
+=item B (C) -=item B +In addition to the common S/MIME checks, for target certficiates +the key usage must allow for C. -The extended key usage extension must be absent or include the "email -protection" OID. The Netscape certificate type must be absent or must have the -S/MIME CA bit set. -This is used as a work around if the basicConstraints extension is absent. +=item B (C) -=item B +For target certificates, the key usage must allow for C. -The keyUsage extension must be absent or it must have the CRL signing bit -set. +For all other certifcates the normal CA checks apply. +Except in this case the basicConstraints extension must be present. -=item B +=item B (C) -The normal CA tests apply. Except in this case the basicConstraints extension -must be present. +For target certificates, no checks are performed at this stage, +but special checks apply; see L. + +For all other certifcates the normal CA checks apply. + +=item B (C) + +For target certificates, if the key usage extension is present, it must include +C and/or C and must not include other bits. +The EKU extension must be present and contain C only. +Moreover, it must be marked as critical. + +For all other certifcates the normal CA checks apply. + +=item B (C) + +For target certificates, +the key usage extension must be present and marked critical and +include , but must not include C nor C. +The EKU extension must be present and contain C, +but must not include C nor C. + +For all other certifcates the normal CA checks apply. =back @@ -671,6 +716,7 @@ only the first one (in the mentioned order of locations) is recognised. =head1 SEE ALSO L, +L, L, L, L, 
@@ -686,7 +732,7 @@ The checks enabled by B<-x509_strict> have been extended in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 3a5bd25d56..c22f0d681d 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -809,7 +809,7 @@ and key identifier extensions are included by default. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index f4274d53b7..817dc22546 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod 
@@ -691,114 +691,22 @@ See L for a more detailed description. =head1 ENVIRONMENT -The OpenSSL library can be take some configuration parameters from the -environment. Some of these variables are listed below. For information -about specific commands, see L, -L, and L. +The OpenSSL libraries can take some configuration parameters from the +environment. + +For information about all environment variables used by the OpenSSL libraries, +such as B, B, and B, +see L. For information about the use of environment variables in configuration, see L. +For information about specific commands, see L, +L, and L. + For information about querying or specifying CPU architecture flags, see L, and L. -For information about all environment variables used by the OpenSSL libraries, -see L. - -=over 4 - -=item BI[,...] - -Enable tracing output of OpenSSL library, by name. -This output will only make sense if you know OpenSSL internals well. -Also, it might not give you any output at all -if OpenSSL was built without tracing support. - -The value is a comma separated list of names, with the following -available: - -=over 4 - -=item B - -Traces the OpenSSL trace API itself. - -=item B - -Traces OpenSSL library initialization and cleanup. - -=item B - -Traces the TLS/SSL protocol. - -=item B - -Traces the ciphers used by the TLS/SSL protocol. - -=item B - -Show details about provider and engine configuration. - -=item B - -The function that is used by RSA, DSA (etc) code to select registered -ENGINEs, cache defaults and functional references (etc), will generate -debugging summaries. - -=item B - -Reference counts in the ENGINE structure will be monitored with a line -of generated for each change. - -=item B - -Traces PKCS#5 v2 key generation. - -=item B - -Traces PKCS#12 key generation. - -=item B - -Traces PKCS#12 decryption. - -=item B - -Generates the complete policy tree at various points during X.509 v3 -policy evaluation. - -=item B - -Traces BIGNUM context operations. 
- -=item B - -Traces CMP client and server activity. - -=item B - -Traces STORE operations. - -=item B - -Traces decoder operations. - -=item B - -Traces encoder operations. - -=item B - -Traces decrementing certain ASN.1 structure references. - -=item B - -Traces the HTTP client and server, such as messages being sent and received. - -=back - -=back - =head1 SEE ALSO L, diff --git a/doc/man3/ASN1_INTEGER_new.pod b/doc/man3/ASN1_INTEGER_new.pod index 4722f880c0..869ac754f4 100644 --- a/doc/man3/ASN1_INTEGER_new.pod +++ b/doc/man3/ASN1_INTEGER_new.pod @@ -18,6 +18,7 @@ ASN1_INTEGER_new, ASN1_INTEGER_free - ASN1_INTEGER allocation functions ASN1_INTEGER_new() returns an allocated B structure. ASN1_INTEGER_free() frees up a single B object. +If the argument is NULL, nothing is done. B structure representing the ASN.1 INTEGER type @@ -34,7 +35,7 @@ L =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASN1_TIME_set.pod b/doc/man3/ASN1_TIME_set.pod index 66d9fefe1a..bdef3fdbb1 100644 --- a/doc/man3/ASN1_TIME_set.pod +++ b/doc/man3/ASN1_TIME_set.pod @@ -102,8 +102,8 @@ functions check the syntax of the time structure I. The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() functions print the time structure I to BIO I in human readable -format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example -"Feb 3 00:55:52 2015 GMT", which does not include a newline. +format. It will be of the format MMM DD HH:MM:SS[.s*] YYYY GMT, for example +"Feb E<32>3 00:55:52 2015 GMT", which does not include a newline. If the time structure has invalid format it prints out "Bad time value" and returns an error. The output for generalized time may include a fractional part following the second. 
@@ -179,6 +179,10 @@ starting with B and B act only on that specific time format. The functions starting with B will operate on either format. +Users familiar with RFC822 should note that when specifying the flag +B the year will be formatted as documented above, +i.e., using 4 digits, not 2 as specified in RFC822. + =head1 BUGS ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() do @@ -272,7 +276,7 @@ The ASN1_TIME_compare() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASN1_aux_cb.pod b/doc/man3/ASN1_aux_cb.pod index 1eb6b1d5b0..9963ea1350 100644 --- a/doc/man3/ASN1_aux_cb.pod +++ b/doc/man3/ASN1_aux_cb.pod @@ -87,7 +87,7 @@ found for the purposes of reference counting. =item I A callback that will be invoked at various points during the processing of -the the B. See below for further details. +the B. See below for further details. =item I @@ -97,7 +97,7 @@ will be saved if the B flag has been set. =item I A callback that will be invoked at various points during the processing of -the the B. This is used in preference to the I callback if +the B. This is used in preference to the I callback if the B flag is set. See below for further details. =back @@ -274,7 +274,7 @@ B operation types were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod index 7621a8b3a1..d85c51e555 100644 
--- a/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -178,6 +178,9 @@ operation, normally it is detected by a polling function or an interrupt, as the user code set a callback by calling ASYNC_WAIT_CTX_set_callback() previously, then the registered callback will be called. +ASYNC_WAIT_CTX_free() frees up a single B object. +If the argument is NULL, nothing is done. + =head1 RETURN VALUES ASYNC_WAIT_CTX_new() returns a pointer to the newly allocated B @@ -216,7 +219,7 @@ were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ADDR.pod b/doc/man3/BIO_ADDR.pod index eb5a4a8fe7..9dd2065ac4 100644 --- a/doc/man3/BIO_ADDR.pod +++ b/doc/man3/BIO_ADDR.pod @@ -18,7 +18,7 @@ BIO_ADDR_path_string - BIO_ADDR routines BIO_ADDR *BIO_ADDR_new(void); int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src); BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap); - void BIO_ADDR_free(BIO_ADDR *); + void BIO_ADDR_free(BIO_ADDR *ap); void BIO_ADDR_clear(BIO_ADDR *ap); int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, const void *where, size_t wherelen, unsigned short port); @@ -47,7 +47,7 @@ BIO_ADDR_dup() creates a new B, with a copy of the address data in B. BIO_ADDR_free() frees a B created with BIO_ADDR_new() -or BIO_ADDR_dup(); +or BIO_ADDR_dup(). If the argument is NULL, nothing is done. BIO_ADDR_clear() clears any data held within the provided B and sets it back to an uninitialised state. 
@@ -131,7 +131,7 @@ BIO_ADDR_copy() and BIO_ADDR_dup() were added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ADDRINFO.pod b/doc/man3/BIO_ADDRINFO.pod index 626052e7f8..71a14ff4f0 100644 --- a/doc/man3/BIO_ADDRINFO.pod +++ b/doc/man3/BIO_ADDRINFO.pod @@ -78,7 +78,7 @@ BIO_ADDRINFO_next() returns the next B in the chain from the given one. BIO_ADDRINFO_free() frees the chain of B starting -with the given one. +with the given one. If the argument is NULL, nothing is done. =head1 RETURN VALUES @@ -103,7 +103,7 @@ The BIO_lookup_ex() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_f_base64.pod b/doc/man3/BIO_f_base64.pod index c865f0a17a..c951d49261 100644 --- a/doc/man3/BIO_f_base64.pod +++ b/doc/man3/BIO_f_base64.pod 
@@ -21,25 +21,23 @@ any data read through it. Base64 BIOs do not support BIO_gets() or BIO_puts(). -For writing, output is by default divided to lines of length 64 -characters and there is always a newline at the end of output. +For writing, by default output is divided to lines of length 64 +characters and there is a newline at the end of output. +This behavior can be changed with B flag. -For reading, first line should be at most 1024 -characters long. If it is longer then it is ignored completely. -Other input lines can be of any length. There must be a newline -at the end of input. - -This behavior can be changed with BIO_FLAGS_BASE64_NO_NL flag. +For reading, first line should be at most 1024 bytes long including newline +unless the flag B is set. +Further input lines can be of any length (i.e., newlines may appear anywhere +in the input) and a newline at the end of input is not needed. BIO_flush() on a base64 BIO that is being written through is used to signal that no more data is to be encoded: this is used to flush the final block through the BIO. -The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags(). +The flag B can be set with BIO_set_flags(). For writing, it causes all data to be written on one line without newline at the end. -For reading, it expects the data to be all on one line (with or -without a trailing newline). +For reading, it removes all expectations on newlines in the input data. =head1 NOTES @@ -85,6 +83,10 @@ data to standard output: =head1 BUGS +On decoding, if the flag B is not set and +the first 1024 bytes of input do not include a newline character +the first two lines of input are ignored. + The ambiguity of EOF in base64 encoded data can cause additional data following the base64 encoded block to be misinterpreted. 
@@ -93,7 +95,7 @@ to reliably determine EOF (for example a MIME boundary). =head1 COPYRIGHT -Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_find_type.pod b/doc/man3/BIO_find_type.pod index 452c29c1bf..2c97c8b12c 100644 --- a/doc/man3/BIO_find_type.pod +++ b/doc/man3/BIO_find_type.pod @@ -60,7 +60,7 @@ Traverse a chain looking for digest BIOs: =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_meth_new.pod b/doc/man3/BIO_meth_new.pod index 589c1b18fc..b532190e5a 100644 --- a/doc/man3/BIO_meth_new.pod +++ b/doc/man3/BIO_meth_new.pod @@ -100,7 +100,7 @@ additionally have the "descriptor" bit set (B). See the L page for more information. BIO_meth_free() destroys a B structure and frees up any memory -associated with it. +associated with it. If the argument is NULL, nothing is done. BIO_meth_get_write_ex() and BIO_meth_set_write_ex() get and set the function used for writing arbitrary length data to the BIO respectively. This function @@ -186,7 +186,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_accept.pod b/doc/man3/BIO_s_accept.pod index 9abdb2be64..1fad672dd9 100644 --- a/doc/man3/BIO_s_accept.pod 
+++ b/doc/man3/BIO_s_accept.pod @@ -177,16 +177,16 @@ BIO_set_bind_mode(), BIO_get_bind_mode() and BIO_do_accept() are macros. BIO_do_accept(), BIO_set_accept_name(), BIO_set_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_bios(), BIO_set_accept_ip_family(), and BIO_set_bind_mode() -return 1 for success and <=0 for failure. +return 1 for success and <= 0 for failure. BIO_get_accept_name() returns the accept name or NULL on error. BIO_get_peer_name() returns the peer name or NULL on error. BIO_get_accept_port() returns the accept port as a string or NULL on error. BIO_get_peer_port() returns the peer port as a string or NULL on error. -BIO_get_accept_ip_family() returns the IP family or <=0 on error. +BIO_get_accept_ip_family() returns the IP family or <= 0 on error. -BIO_get_bind_mode() returns the set of B flags, or <=0 on failure. +BIO_get_bind_mode() returns the set of B flags, or <= 0 on failure. BIO_new_accept() returns a BIO or NULL on error. diff --git a/doc/man3/BIO_s_connect.pod b/doc/man3/BIO_s_connect.pod index bcefbd59f8..0699e13389 100644 --- a/doc/man3/BIO_s_connect.pod +++ b/doc/man3/BIO_s_connect.pod @@ -64,7 +64,7 @@ a single call: that is it creates a new connect BIO with hostname B. BIO_set_conn_hostname() uses the string B to set the hostname. The hostname can be an IP address; if the address is an IPv6 one, it -must be enclosed with brackets C<[> and C<]>. +must be enclosed in brackets C<[> and C<]>. The hostname can also include the port in the form hostname:port; see L and BIO_set_conn_port() for details. diff --git a/doc/man3/BIO_s_mem.pod b/doc/man3/BIO_s_mem.pod index b9bfedcdc6..23631800d5 100644 --- a/doc/man3/BIO_s_mem.pod +++ b/doc/man3/BIO_s_mem.pod @@ -197,6 +197,10 @@ and BUF_MEM structure: ... free(data); +=head1 HISTORY + +BIO_s_dgram_mem() was added in OpenSSL 3.2. + =head1 COPYRIGHT Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. 
diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod index 35cfdd1495..46966d9963 100644 --- a/doc/man3/BN_add.pod +++ b/doc/man3/BN_add.pod @@ -14,9 +14,9 @@ arithmetic operations on BIGNUMs int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); - int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); - int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); + int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, BN_CTX *ctx); @@ -25,25 +25,25 @@ arithmetic operations on BIGNUMs int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); - int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); - int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); - int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, + int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); - int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); - BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); - int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); + int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); - int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); - int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); =head1 DESCRIPTION 
@@ -135,7 +135,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index b536bcb3b7..accc8a749f 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -167,7 +167,8 @@ programs should prefer the "new" style, whilst the "old" style is provided for backwards compatibility purposes. A B structure should be created through a call to BN_GENCB_new(), -and freed through a call to BN_GENCB_free(). +and freed through a call to BN_GENCB_free(). If the argument is NULL, +nothing is done. For "new" style callbacks a BN_GENCB structure should be initialised with a call to BN_GENCB_set(), where B is a B, B is of @@ -245,7 +246,7 @@ BN_check_prime() was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_set_bit.pod b/doc/man3/BN_set_bit.pod index 349ef9e056..ddc27d0c40 100644 --- a/doc/man3/BN_set_bit.pod +++ b/doc/man3/BN_set_bit.pod 
@@ -33,8 +33,11 @@ error occurs if B is shorter than B bits. BN_is_bit_set() tests if bit B in B is set. BN_mask_bits() truncates B to an B bit number -(CEn)>). An error occurs if B already is -shorter than B bits. +(CEn)>). An error occurs if B is negative. An error is +also returned if the internal representation of B is already shorter than +B bits. The internal representation depends on the platform's word size, and +this error can be safely ignored. Use L to determine the exact +number of bits if needed. BN_lshift() shifts B left by B bits and places the result in B (C). Note that B must be nonnegative. BN_lshift1() shifts @@ -59,7 +62,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BUF_MEM_new.pod b/doc/man3/BUF_MEM_new.pod index 262e18f31b..79de43a1df 100644 --- a/doc/man3/BUF_MEM_new.pod +++ b/doc/man3/BUF_MEM_new.pod @@ -34,6 +34,7 @@ should be allocated on the secure heap; see L. BUF_MEM_free() frees up an already existing buffer. The data is zeroed before freeing up in case the buffer contains sensitive data. +If the argument is NULL, nothing is done. BUF_MEM_grow() changes the size of an already existing buffer to B. Any data already in the buffer is preserved if it increases in @@ -65,7 +66,7 @@ The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_signed_get_attr.pod b/doc/man3/CMS_signed_get_attr.pod index 833cfc441b..3ed904ef8a 100644 
--- a/doc/man3/CMS_signed_get_attr.pod +++ b/doc/man3/CMS_signed_get_attr.pod @@ -204,7 +204,7 @@ L =head1 COPYRIGHT -Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/COMP_CTX_new.pod b/doc/man3/COMP_CTX_new.pod index 997f1187f4..ce4717d733 100644 --- a/doc/man3/COMP_CTX_new.pod +++ b/doc/man3/COMP_CTX_new.pod @@ -54,7 +54,9 @@ These functions provide compression support for OpenSSL. Compression is used wit the OpenSSL library to support TLS record and certificate compression. COMP_CTX_new() is used to create a new B structure used to compress data. + COMP_CTX_free() is used to free the returned B. +If the argument is NULL, nothing is done. COMP_CTX_get_method() returns the B of the given I. @@ -172,7 +174,7 @@ Brotli and Zstandard functions were added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CRYPTO_THREAD_run_once.pod b/doc/man3/CRYPTO_THREAD_run_once.pod index 470b741c10..4db4bc785b 100644 --- a/doc/man3/CRYPTO_THREAD_run_once.pod +++ b/doc/man3/CRYPTO_THREAD_run_once.pod @@ -81,6 +81,7 @@ CRYPTO_THREAD_unlock() unlocks the previously locked I. =item * CRYPTO_THREAD_lock_free() frees the provided I. +If the argument is NULL, nothing is done. =item * 
@@ -213,10 +214,13 @@ This example safely initializes and uses a lock. { int ret = 0; - if (mylock()) { - /* Your code here, do not return without releasing the lock! */ - ret = ... ; + if (!mylock()) { + /* Do not unlock unless the lock was successfully acquired. */ + return 0; } + + /* Your code here, do not return without releasing the lock! */ + ret = ... ; myunlock(); return ret; } @@ -233,7 +237,7 @@ L, L. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CTLOG_STORE_new.pod b/doc/man3/CTLOG_STORE_new.pod index 801b1447e1..361eda57b1 100644 --- a/doc/man3/CTLOG_STORE_new.pod +++ b/doc/man3/CTLOG_STORE_new.pod @@ -52,7 +52,7 @@ The expected format of the file is: Once a CTLOG_STORE is no longer required, it should be passed to CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along -with the CTLOG_STORE itself. +with the CTLOG_STORE itself. If the argument is NULL, nothing is done. =head1 NOTES @@ -78,7 +78,7 @@ added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CTLOG_new.pod b/doc/man3/CTLOG_new.pod index 30b8068249..7a78a6c58d 100644 --- a/doc/man3/CTLOG_new.pod +++ b/doc/man3/CTLOG_new.pod 
@@ -50,7 +50,7 @@ property query string are used. Regardless of whether CTLOG_new() or CTLOG_new_from_base64() is used, it is the caller's responsibility to pass the CTLOG to CTLOG_free() once it is no longer needed. This will delete it and, if created by CTLOG_new(), the EVP_PKEY that -was passed to it. +was passed to it. If the argument to CTLOG_free() is NULL, nothing is done. CTLOG_get0_name() returns the name of the log, as provided when the CTLOG was created. Ownership of the string remains with the CTLOG. @@ -80,7 +80,7 @@ were added in OpenSSL 3.0. All other functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CT_POLICY_EVAL_CTX_new.pod b/doc/man3/CT_POLICY_EVAL_CTX_new.pod index bba6778d2d..3b79980c43 100644 --- a/doc/man3/CT_POLICY_EVAL_CTX_new.pod +++ b/doc/man3/CT_POLICY_EVAL_CTX_new.pod @@ -105,7 +105,8 @@ The time should be in milliseconds since the Unix Epoch. Each setter has a matching getter for accessing the current value. When no longer required, the B should be passed to -CT_POLICY_EVAL_CTX_free() to delete it. +CT_POLICY_EVAL_CTX_free() to delete it. If the argument to +CT_POLICY_EVAL_CTX_free() is NULL, nothing is done. =head1 NOTES @@ -130,7 +131,7 @@ functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod index 7b3c724af2..ff2074820f 100644 --- a/doc/man3/DEFINE_STACK_OF.pod 
+++ b/doc/man3/DEFINE_STACK_OF.pod @@ -41,8 +41,8 @@ OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare); STACK_OF(TYPE) *sk_TYPE_new_null(void); int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n); - void sk_TYPE_free(const STACK_OF(TYPE) *sk); - void sk_TYPE_zero(const STACK_OF(TYPE) *sk); + void sk_TYPE_free(STACK_OF(TYPE) *sk); + void sk_TYPE_zero(STACK_OF(TYPE) *sk); TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i); TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr); int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr); @@ -301,7 +301,7 @@ was changed to return 0 in this condition as for other errors. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DH_meth_new.pod b/doc/man3/DH_meth_new.pod index 779a695167..d5ba5eac56 100644 --- a/doc/man3/DH_meth_new.pod +++ b/doc/man3/DH_meth_new.pod @@ -81,7 +81,7 @@ parameter. This might be useful for creating a new B based on an existing one, but with some differences. DH_meth_free() destroys a B structure and frees up any memory -associated with it. +associated with it. If the argument is NULL, nothing is done. DH_meth_get0_name() will return a pointer to the name of this DH_METHOD. This is a pointer to the internal name string and so should not be freed by the @@ -166,7 +166,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/DSA_SIG_new.pod b/doc/man3/DSA_SIG_new.pod index 1f532d3000..158da2d7dd 100644 --- a/doc/man3/DSA_SIG_new.pod +++ b/doc/man3/DSA_SIG_new.pod @@ -20,6 +20,7 @@ DSA_SIG_new() allocates an empty B structure. DSA_SIG_free() frees the B structure and its components. The values are erased before the memory is returned to the system. +If the argument is NULL, nothing is done. DSA_SIG_get0() returns internal pointers to the B and B values contained in B. @@ -48,7 +49,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DSA_meth_new.pod b/doc/man3/DSA_meth_new.pod index f8f5a1f022..534561c610 100644 --- a/doc/man3/DSA_meth_new.pod +++ b/doc/man3/DSA_meth_new.pod @@ -110,7 +110,7 @@ parameter. This might be useful for creating a new B based on an existing one, but with some differences. DSA_meth_free() destroys a B structure and frees up any memory -associated with it. +associated with it. If the argument is NULL, nothing is done. DSA_meth_get0_name() will return a pointer to the name of this DSA_METHOD. This is a pointer to the internal name string and so should not be freed by the @@ -214,7 +214,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod index 3266c43b55..e56ec959ed 100644 --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod 
@@ -31,6 +31,7 @@ ECDSA_SIG_new() allocates an empty B structure. Note: before OpenSSL 1.1.0, the I and I components were initialised. ECDSA_SIG_free() frees the B structure I. +If the argument is NULL, nothing is done. ECDSA_SIG_get0() returns internal pointers the I and I values contained in I and stores them in I<*pr> and I<*ps>, respectively. @@ -136,7 +137,7 @@ L =head1 COPYRIGHT -Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ECDSA_sign.pod b/doc/man3/ECDSA_sign.pod index 7e56466653..88e851885a 100644 --- a/doc/man3/ECDSA_sign.pod +++ b/doc/man3/ECDSA_sign.pod @@ -52,7 +52,7 @@ size use L with a NULL I parameter. ECDSA_sign() computes a digital signature of the I bytes hash value I using the private EC key I. The DER encoded signatures is -stored in I and its length is returned in I. Note: I must +stored in I and its length is returned in I. Note: I must point to ECDSA_size(eckey) bytes of memory. The parameter I is currently ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with I and I set to NULL. @@ -82,7 +82,7 @@ used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex(). ECDSA_sign_ex() computes a digital signature of the I bytes hash value I using the private EC key I and the optional pre-computed values I and I. The DER encoded signature is stored in I and its -length is returned in I. Note: I must point to ECDSA_size(eckey) +length is returned in I. Note: I must point to ECDSA_size(eckey) bytes of memory. The parameter I is ignored. ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod index 55e5d76fcd..24c83c5764 100644 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod 
@@ -227,7 +227,8 @@ references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next(), ENGINE_get_prev(). All structural references should be released by a corresponding to call to the ENGINE_free() function - the ENGINE object itself will only actually be cleaned up and deallocated when
-the last structural reference is released.
+the last structural reference is released. If the argument to ENGINE_free()
+is NULL, nothing is done. It should also be noted that many ENGINE API function calls that accept a structural reference will internally obtain another reference - typically
@@ -665,7 +666,7 @@ and should not be used. =head1 COPYRIGHT
-Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_ASYM_CIPHER_free.pod b/doc/man3/EVP_ASYM_CIPHER_free.pod
index c158ec1ae7..162ad7ed76 100644
--- a/doc/man3/EVP_ASYM_CIPHER_free.pod
+++ b/doc/man3/EVP_ASYM_CIPHER_free.pod
@@ -45,7 +45,7 @@ The returned value must eventually be freed with EVP_ASYM_CIPHER_free(). EVP_ASYM_CIPHER_free() decrements the reference count for the B structure. Typically this structure will have been obtained from an earlier call to EVP_ASYM_CIPHER_fetch(). If the reference count drops to 0 then the
-structure is freed.
+structure is freed. If the argument is NULL, nothing is done. EVP_ASYM_CIPHER_up_ref() increments the reference count for an B structure.
@@ -102,7 +102,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_CIPHER_meth_new.pod b/doc/man3/EVP_CIPHER_meth_new.pod
index 35d4db2a66..8638cd3009 100644
--- a/doc/man3/EVP_CIPHER_meth_new.pod
+++ b/doc/man3/EVP_CIPHER_meth_new.pod
@@ -80,6 +80,7 @@ EVP_CIPHER_meth_new() creates a new B structure. EVP_CIPHER_meth_dup() creates a copy of B. EVP_CIPHER_meth_free() destroys a B structure.
+If the argument is NULL, nothing is done. EVP_CIPHER_meth_set_iv_length() sets the length of the IV. This is only needed when the implemented cipher mode requires it.
@@ -249,7 +250,7 @@ counted in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 90559a112e..70d0836ec2 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -160,6 +160,7 @@ Increments the reference count for an B structure. Decrements the reference count for the fetched B structure. If the reference count drops to 0 then the structure is freed.
+If the argument is NULL, nothing is done. =item EVP_MD_CTX_new()
@@ -173,6 +174,7 @@ existing context. =item EVP_MD_CTX_free() Cleans up digest context I and frees up the space allocated to it.
+If the argument is NULL, nothing is done. =item EVP_MD_CTX_ctrl()
@@ -548,9 +550,13 @@ can be used the manipulate and test these B flags: This flag instructs the digest to optimize for one update only, if possible.
-=for comment EVP_MD_CTX_FLAG_CLEANED is internal, don't mention it
+=item EVP_MD_CTX_FLAG_CLEANED
-=for comment EVP_MD_CTX_FLAG_REUSE is internal, don't mention it
+This flag is for internal use only and I be used in user code.
+
+=item EVP_MD_CTX_FLAG_REUSE
+
+This flag is for internal use only and I be used in user code. =for comment We currently avoid documenting flags that are only bit holder: EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, EVP_MD_CTX_FLAGS_PAD_*
@@ -811,7 +817,7 @@ The EVP_DigestSqueeze() function was added in OpenSSL 3.3. =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod
index 07e99db231..a286c75cc4 100644
--- a/doc/man3/EVP_DigestSignInit.pod
+++ b/doc/man3/EVP_DigestSignInit.pod
@@ -128,13 +128,12 @@ I parameter should contain the length of the I buffer. If the call is successful the signature is written to I and the amount of data written to I.
-EVP_DigestSign() signs I bytes of data at I and places the
-signature in I and its length in I in a similar way to
-EVP_DigestSignFinal(). In the event of a failure EVP_DigestSign() cannot be
-called again without reinitialising the EVP_MD_CTX. If I is NULL before the
-call then I will be populated with the required size for the I
-buffer. If I is non-NULL before the call then I should contain the
-length of the I buffer.
+EVP_DigestSign() is similar to a single call to EVP_DigestSignUpdate() and
+EVP_DigestSignFinal().
+Unless I is NULL, EVP_DigestSign() signs the data I of length I
+bytes and places the signature in a buffer I of size I.
+If I is NULL, the maximum necessary size of the signature buffer is written
+to the I parameter. =head1 RETURN VALUES
@@ -179,6 +178,10 @@ multiple times on a context and the parameters set by previous calls should be preserved if the I parameter is NULL. The call then just resets the state of the I.
+EVP_DigestSign() can not be called again, once a signature is generated (by
+passing I as non NULL), unless the B is reinitialised by
+calling EVP_DigestSignInit_ex().
+
 Ignoring failure returns of EVP_DigestSignInit() and EVP_DigestSignInit_ex() functions can lead to subsequent undefined behavior when calling EVP_DigestSignUpdate(), EVP_DigestSignFinal(), or EVP_DigestSign().
@@ -208,7 +211,7 @@ EVP_DigestSignUpdate() was converted from a macro to a function in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod
index c927b7e4e8..dc694308f9 100644
--- a/doc/man3/EVP_DigestVerifyInit.pod
+++ b/doc/man3/EVP_DigestVerifyInit.pod
@@ -168,6 +168,9 @@ multiple times on a context and the parameters set by previous calls should be preserved if the I parameter is NULL. The call then just resets the state of the I.
+EVP_DigestVerify() can only be called once, and cannot be used again without
+reinitialising the B by calling EVP_DigestVerifyInit_ex().
+
 Ignoring failure returns of EVP_DigestVerifyInit() and EVP_DigestVerifyInit_ex() functions can lead to subsequent undefined behavior when calling EVP_DigestVerifyUpdate(), EVP_DigestVerifyFinal(), or EVP_DigestVerify().
@@ -193,7 +196,7 @@ EVP_DigestVerifyUpdate() was converted from a macro to a function in OpenSSL =head1 COPYRIGHT
-Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_EncodeInit.pod b/doc/man3/EVP_EncodeInit.pod
index 2b9e02e02d..03c6f4e605 100644
--- a/doc/man3/EVP_EncodeInit.pod
+++ b/doc/man3/EVP_EncodeInit.pod
@@ -41,7 +41,7 @@ EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for the encode/decode functions. EVP_ENCODE_CTX_free() cleans up an encode/decode context B and frees up the
-space allocated to it.
+space allocated to it. If the argument is NULL, nothing is done. Encoding of binary data is performed in blocks of 48 input bytes (or less for the final block). For each 48 byte input block encoded 64 bytes of base 64 data
@@ -151,7 +151,7 @@ L =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 3f7425f5cb..40e0fe3335 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -272,6 +272,7 @@ Increments the reference count for an B structure. Decrements the reference count for the fetched B structure. If the reference count drops to 0 then the structure is freed.
+If the argument is NULL, nothing is done. =item EVP_CIPHER_CTX_new()
@@ -280,15 +281,15 @@ Allocates and returns a cipher context. =item EVP_CIPHER_CTX_free() Clears all information from a cipher context and frees any allocated memory
-associated with it, including I itself. This function should be called after
-all operations using a cipher are complete so sensitive information does not
-remain in memory.
+associated with it, including I itself. This function should be called
+after all operations using a cipher are complete so sensitive information does
+not remain in memory. If the argument is NULL, nothing is done. =item EVP_CIPHER_CTX_dup() Can be used to duplicate the cipher state from I. This is useful
-to avoid multiple EVP_MD_fetch() calls or if large amounts of data are to be
-hashed which only differ in the last few bytes.
+to avoid multiple EVP_CIPHER_fetch() calls or if large amounts of data are to be
+fed which only differ in the last few bytes. =item EVP_CIPHER_CTX_copy()
@@ -374,9 +375,13 @@ exists. Encrypts I bytes from the buffer I and writes the encrypted version to I. The pointers I and I may point to the same location, in which
-case the encryption will be done in-place. If I and I point to different
-locations, the two buffers must be disjoint, otherwise the operation might fail
-or the outcome might be undefined.
+case the encryption will be done in-place. However, in-place encryption is
+guaranteed to work only if the encryption context (I) has processed data in
+multiples of the block size. If the context contains an incomplete data block
+from previous operations, in-place encryption will fail.
+
+If I and I point to different locations, the two buffers must be
+disjoint, otherwise the operation might fail or the outcome might be undefined. This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the
@@ -1241,7 +1246,7 @@ EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise. EVP_CIPHER_CTX_new() returns a pointer to a newly created B for success and B for failure.
-EVP_CIPHER_CTX_dup() returns a new EVP_MD_CTX if successful or NULL on failure.
+EVP_CIPHER_CTX_dup() returns a new EVP_CIPHER_CTX if successful or NULL on failure. EVP_CIPHER_CTX_copy() returns 1 if successful or 0 for failure.
@@ -1251,15 +1256,18 @@ return 1 for success and 0 for failure. EVP_DecryptInit_ex2() and EVP_DecryptUpdate() return 1 for success and 0 for failure. EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
-EVP_CipherInit_ex2() and EVP_CipherUpdate() return 1 for success and 0 for failure.
-EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.
+EVP_CipherInit_ex2() and EVP_CipherUpdate() return 1 for success and 0 for
+failure.
+EVP_CipherFinal_ex() returns 0 for an encryption/decryption failure or 1 for
+success. EVP_Cipher() returns 1 on success and <= 0 on failure, if the flag B is not set for the cipher, or if the cipher has not been initialized via a call to B.
-EVP_Cipher() returns the number of bytes written to I for encryption / decryption, or
-the number of bytes authenticated in a call specifying AAD for an AEAD cipher, if the flag
-B is set for the cipher.
+EVP_Cipher() returns the number of bytes written to I for
+encryption/decryption, or the number of bytes authenticated in a call specifying
+AAD for an AEAD cipher, if the flag B is set for
+the cipher. EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure.
@@ -1338,6 +1346,15 @@ indicates whether the operation was successful. If it does not indicate success, the authentication operation has failed and any output data B be used as it is corrupted.
+Please note that the number of authenticated bytes returned by
+EVP_CipherUpdate() depends on the cipher used. Stream ciphers, such as ChaCha20
+or ciphers in GCM mode, can handle 1 byte at a time, resulting in an effective
+"block" size of 1. Conversely, ciphers in OCB mode must process data one block
+at a time, and the block size is returned.
+
+Regardless of the returned size, it is safe to pass unpadded data to an
+EVP_CipherUpdate() call in a single operation.
+
 =head2 GCM and OCB Modes The following Is are supported in GCM and OCB modes.
@@ -1373,10 +1390,9 @@ For GCM, this call is only valid when decrypting data. For OCB, this call is valid when decrypting data to set the expected tag, and when encrypting to set the desired tag length.
-In OCB mode, calling this when encrypting with C set to C sets the
-tag length. The tag length can only be set before specifying an IV. If this is
-not called prior to setting the IV during encryption, then a default tag length
-is used.
+In OCB mode, calling this with C set to C sets the tag length.
+The tag length can only be set before specifying an IV. If this is not called
+prior to setting the IV, then a default tag length is used. For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the maximum tag length for OCB.
@@ -1796,7 +1812,7 @@ EVP_CIPHER_CTX_dup() was added in OpenSSL 3.2. =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod
index 9009fd21c1..9447651a34 100644
--- a/doc/man3/EVP_KDF.pod
+++ b/doc/man3/EVP_KDF.pod
@@ -304,7 +304,7 @@ This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_KEM_free.pod b/doc/man3/EVP_KEM_free.pod
index 575abc5f57..b0ef604757 100644
--- a/doc/man3/EVP_KEM_free.pod
+++ b/doc/man3/EVP_KEM_free.pod
@@ -41,6 +41,7 @@ The returned value must eventually be freed with EVP_KEM_free(). EVP_KEM_free() decrements the reference count for the B structure. Typically this structure will have been obtained from an earlier call to EVP_KEM_fetch(). If the reference count drops to 0 then the structure is freed.
+If the argument is NULL, nothing is done. EVP_KEM_up_ref() increments the reference count for an B structure.
@@ -95,7 +96,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_KEYEXCH_free.pod b/doc/man3/EVP_KEYEXCH_free.pod
index 272855ccb3..e08f44e60c 100644
--- a/doc/man3/EVP_KEYEXCH_free.pod
+++ b/doc/man3/EVP_KEYEXCH_free.pod
@@ -41,7 +41,7 @@ The returned value must eventually be freed with EVP_KEYEXCH_free(). EVP_KEYEXCH_free() decrements the reference count for the B structure. Typically this structure will have been obtained from an earlier call to EVP_KEYEXCH_fetch(). If the reference count drops to 0 then the
-structure is freed.
+structure is freed. If the argument is NULL, nothing is done. EVP_KEYEXCH_up_ref() increments the reference count for an B structure.
@@ -101,7 +101,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod
index da03286a99..4c0c3b776c 100644
--- a/doc/man3/EVP_KEYMGMT.pod
+++ b/doc/man3/EVP_KEYMGMT.pod
@@ -62,6 +62,7 @@ B I. EVP_KEYMGMT_free() decrements the reference count for the given B I, and when the count reaches zero, frees it.
+If the argument is NULL, nothing is done. EVP_KEYMGMT_get0_provider() returns the provider that has this particular implementation.
@@ -140,7 +141,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index 7983e51fd1..defa404268 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -493,7 +493,7 @@ These functions were added in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_MD_meth_new.pod b/doc/man3/EVP_MD_meth_new.pod
index a553c378f3..3497973323 100644
--- a/doc/man3/EVP_MD_meth_new.pod
+++ b/doc/man3/EVP_MD_meth_new.pod
@@ -74,6 +74,7 @@ EVP_MD_meth_dup() creates a copy of B. EVP_MD_meth_free() decrements the reference count for the B structure. If the reference count drops to 0 then the structure is freed.
+If the argument is NULL, nothing is done. EVP_MD_meth_set_input_blocksize() sets the internal input block size for the method B to B bytes.
@@ -194,7 +195,7 @@ counted in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod
index cc50d363da..41f058fe54 100644
--- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod
+++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod
@@ -393,7 +393,7 @@ This function is not thread safe, it's recommended to only use this when initializing the application. EVP_PKEY_asn1_free() frees an existing B pointed
-by B.
+by B. If the argument is NULL, nothing is done. EVP_PKEY_asn1_add0() adds B to the user defined stack of methods unless another B with the same NID is
@@ -439,7 +439,7 @@ parameter is now constified. =head1 COPYRIGHT
-Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index edbcb0dce8..b29353b8ae 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -396,11 +396,12 @@ negotiated protocol version. Otherwise it should be left unset. Similarly to the B above, since OpenSSL version 3.2.0, the use of B will return a randomly generated message instead of padding errors in case padding checks fail. Applications that
-want to remain secure while using earlier versions of OpenSSL, still need to
+want to remain secure while using earlier versions of OpenSSL, or a provider
+that doesn't implement the implicit rejection mechanism, still need to handle both the error code from the RSA decryption operation and the returned message in a side channel secure manner. This protection against Bleichenbacher attacks can be disabled by setting
-the OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION (an unsigned integer) to 0.
+B (an unsigned integer) to 0. =head2 DSA parameters
@@ -696,7 +697,7 @@ and EVP_PKEY_CTX_get0_ecdh_kdf_ukm() were deprecated in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_PKEY_CTX_set_params.pod b/doc/man3/EVP_PKEY_CTX_set_params.pod
index c02151654c..8947648ccb 100644
--- a/doc/man3/EVP_PKEY_CTX_set_params.pod
+++ b/doc/man3/EVP_PKEY_CTX_set_params.pod
@@ -23,7 +23,9 @@ The EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() functions allow transfer of arbitrary key parameters to and from providers. Not all parameters may be supported by all providers. See L for more information on providers.
-See L for more information on parameters.
+The I field is a pointer to a list of B structures,
+terminated with a L struct.
+See L for information about passing parameters. These functions must only be called after the EVP_PKEY_CTX has been initialised for use in an operation. These methods replace the EVP_PKEY_CTX_ctrl() mechanism. (EVP_PKEY_CTX_ctrl now
@@ -84,7 +86,7 @@ All functions were added in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_PKEY_check.pod b/doc/man3/EVP_PKEY_check.pod
index 485d350529..04751f0bd5 100644
--- a/doc/man3/EVP_PKEY_check.pod
+++ b/doc/man3/EVP_PKEY_check.pod
@@ -61,6 +61,11 @@ It is not necessary to call these functions after locally calling an approved ke generation method, but may be required for assurance purposes when receiving keys from a third party.
+The EVP_PKEY_pairwise_check() and EVP_PKEY_private_check() might not be bounded
+by any key size limits as private keys are not expected to be supplied by
+attackers. For that reason they might take an unbounded time if run on
+arbitrarily large keys.
+
 =head1 RETURN VALUES All functions return 1 for success or others for failure.
@@ -86,7 +91,7 @@ EVP_PKEY_private_check() and EVP_PKEY_pairwise_check() were added in OpenSSL 3.0 =head1 COPYRIGHT
-Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_PKEY_decapsulate.pod b/doc/man3/EVP_PKEY_decapsulate.pod
index b59aab8bbf..286e956400 100644
--- a/doc/man3/EVP_PKEY_decapsulate.pod
+++ b/doc/man3/EVP_PKEY_decapsulate.pod
@@ -31,10 +31,13 @@ key that is used during decapsulation. The EVP_PKEY_decapsulate() function performs a private key decapsulation operation using I. The data to be decapsulated is specified using the I and I parameters.
-If I is NULL then the maximum size of the output secret buffer
+If I is NULL then the size of the output secret buffer is written to I<*unwrappedlen>. If I is not NULL and the call is successful then the decapsulated secret data is written to I
-and the amount of data written to I<*unwrappedlen>.
+and the amount of data written to I<*unwrappedlen>. Note that, if I
+is not NULL in this call, the value it points to must be initialised to the length of
+I, so that the call can validate it is of sufficient size to hold the
+result of the operation. =head1 NOTES
@@ -64,7 +67,7 @@ Decapsulate data using RSA: unsigned char *secret = NULL;; ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_priv_key, NULL);
- if (ctx = NULL)
+ if (ctx == NULL) /* Error */ if (EVP_PKEY_decapsulate_init(ctx, NULL) <= 0) /* Error */
diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod
index 67e3f2da1e..7d6807d68b 100644
--- a/doc/man3/EVP_PKEY_decrypt.pod
+++ b/doc/man3/EVP_PKEY_decrypt.pod
@@ -56,12 +56,21 @@ algorithm. In OpenSSL versions before 3.2.0, when used in PKCS#1 v1.5 padding, both the return value from the EVP_PKEY_decrypt() and the B provided information useful in mounting a Bleichenbacher attack against the
-used private key. They had to processed in a side-channel free way.
+used private key. They had to be processed in a side-channel free way. Since version 3.2.0, the EVP_PKEY_decrypt() method when used with PKCS#1
-v1.5 padding doesn't return an error in case it detects an error in padding,
+v1.5 padding as implemented in the B provider implements
+the implicit rejection mechanism (see
+B in L).
+That means it doesn't return an error when it detects an error in padding, instead it returns a pseudo-randomly generated message, removing the need of side-channel secure code from applications using OpenSSL.
+If OpenSSL is configured to use a provider that doesn't implement implicit
+rejection, the code still needs to handle the returned values
+using side-channel free code.
+Side-channel free handling of the error stack can be performed using
+either a pair of unconditional L and L
+calls or by using the L call. =head1 EXAMPLES
@@ -117,7 +126,7 @@ These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT
-Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_PKEY_encapsulate.pod b/doc/man3/EVP_PKEY_encapsulate.pod
index 6874f31cf5..04025592d9 100644
--- a/doc/man3/EVP_PKEY_encapsulate.pod
+++ b/doc/man3/EVP_PKEY_encapsulate.pod
@@ -41,7 +41,10 @@ unless I is NULL. If I is not NULL and the call is successful then the internally generated key is written to I and its size is written to I<*genkeylen>. The encapsulated version of the generated key is written to
-I and its size is written to I<*wrappedkeylen>.
+I and its size is written to I<*wrappedkeylen>. Note that if
+I is not NULL, then the value it points to must initially hold the size of
+the I buffer so that its size can be validated by the call, ensuring
+it is large enough to hold the result written to I. =head1 NOTES
@@ -70,7 +73,7 @@ Encapsulate an RSASVE key (for RSA keys). unsigned char *out = NULL, *secret = NULL; ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_pub_key, NULL);
- if (ctx = NULL)
+ if (ctx == NULL) /* Error */ if (EVP_PKEY_encapsulate_init(ctx, NULL) <= 0) /* Error */
diff --git a/doc/man3/EVP_PKEY_get_attr.pod b/doc/man3/EVP_PKEY_get_attr.pod
index 101677422c..30477b8748 100644
--- a/doc/man3/EVP_PKEY_get_attr.pod
+++ b/doc/man3/EVP_PKEY_get_attr.pod
@@ -103,7 +103,7 @@ L =head1 COPYRIGHT
-Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod
index db0b09f855..1b0adb2913 100644
--- a/doc/man3/EVP_PKEY_meth_new.pod
+++ b/doc/man3/EVP_PKEY_meth_new.pod
@@ -407,7 +407,7 @@ of an B is always called by the EVP framework while doing a digest signing operation by calling L. EVP_PKEY_meth_free() frees an existing B pointed by
-B.
+B. If the argument is NULL, nothing is done. EVP_PKEY_meth_copy() copies an B object from B to B.
@@ -456,7 +456,7 @@ has changed in OpenSSL 3.0 so its I parameter is now constified. =head1 COPYRIGHT
-Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod
index 0c79c57b81..57133bd624 100644
--- a/doc/man3/EVP_RAND.pod
+++ b/doc/man3/EVP_RAND.pod
@@ -285,7 +285,7 @@ associated RAND ctx. Reads or set the number of elapsed seconds before reseeding the associated RAND ctx.
-=item "max_request" (B)
+=item "max_request" (B) Specifies the maximum number of bytes that can be generated in a single call to OSSL_FUNC_rand_generate.
@@ -411,7 +411,7 @@ The remaining functions were added in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_SIGNATURE.pod b/doc/man3/EVP_SIGNATURE.pod
index 1f534ef338..cf476d1453 100644
--- a/doc/man3/EVP_SIGNATURE.pod
+++ b/doc/man3/EVP_SIGNATURE.pod
@@ -49,7 +49,7 @@ The returned value must eventually be freed with EVP_SIGNATURE_free(). EVP_SIGNATURE_free() decrements the reference count for the B structure. Typically this structure will have been obtained from an earlier call to EVP_SIGNATURE_fetch(). If the reference count drops to 0 then the
-structure is freed.
+structure is freed. If the argument is NULL, nothing is done. EVP_SIGNATURE_up_ref() increments the reference count for an B structure.
@@ -106,7 +106,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod
index 87a567242f..ebe69d2db9 100644
--- a/doc/man3/HMAC.pod
+++ b/doc/man3/HMAC.pod
@@ -87,7 +87,7 @@ created with HMAC_CTX_new(). HMAC_CTX_free() erases the key and other data from the B, releases any associated resources and finally frees the B
-itself.
+itself. If the argument is NULL, nothing is done. The following functions may be used if the message is not completely stored in memory:
@@ -163,7 +163,7 @@ OpenSSL before version 1.0.0. =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/MD5.pod b/doc/man3/MD5.pod
index 2e01fe8193..99bf821160 100644
--- a/doc/man3/MD5.pod
+++ b/doc/man3/MD5.pod
@@ -7,12 +7,12 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions =head1 SYNOPSIS - #include - The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining B with a suitable version value, see L: + #include + unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); int MD2_Init(MD2_CTX *c);
@@ -20,25 +20,24 @@ see L: int MD2_Final(unsigned char *md, MD2_CTX *c); - #include - The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining B with a suitable version value, see L: + #include + unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); int MD4_Final(unsigned char *md, MD4_CTX *c); - - #include - The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining B with a suitable version value, see L: + #include + unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); int MD5_Init(MD5_CTX *c);
@@ -105,7 +104,7 @@ All of these functions were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/NCONF_new_ex.pod b/doc/man3/NCONF_new_ex.pod
index 6861fb198c..d088ab2fed 100644
--- a/doc/man3/NCONF_new_ex.pod
+++ b/doc/man3/NCONF_new_ex.pod
@@ -35,7 +35,7 @@ I is set to NULL then the default value of NCONF_default() is used. NCONF_new() is similar to NCONF_new_ex() but sets the I to NULL. NCONF_free() frees the data associated with I and then frees the I -object. +object. If the argument is NULL, nothing is done. NCONF_load() parses the file named I and adds the values found to I. If an error occurs I and I list the file and line that
@@ -74,7 +74,7 @@ in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OCSP_REQUEST_new.pod b/doc/man3/OCSP_REQUEST_new.pod
index e34e591fe0..3f171e8229 100644
--- a/doc/man3/OCSP_REQUEST_new.pod
+++ b/doc/man3/OCSP_REQUEST_new.pod
@@ -29,6 +29,7 @@ OCSP_request_onereq_get0 - OCSP request functions OCSP_REQUEST_new() allocates and returns an empty B structure. OCSP_REQUEST_free() frees up the request structure B. +If the argument is NULL, nothing is done. OCSP_request_add0_id() adds certificate ID B to B. It returns the B structure added so an application can add additional
@@ -108,7 +109,7 @@ L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OCSP_cert_to_id.pod b/doc/man3/OCSP_cert_to_id.pod
index 298527f6bb..e0fbdfa9ea 100644
--- a/doc/man3/OCSP_cert_to_id.pod
+++ b/doc/man3/OCSP_cert_to_id.pod
@@ -38,6 +38,7 @@ issuer name B, issuer key hash B and serial number B. OCSP_CERTID_free() frees up B. +If the argument is NULL, nothing is done. OCSP_id_cmp() compares B B and B.
@@ -79,7 +80,7 @@ L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OCSP_response_status.pod b/doc/man3/OCSP_response_status.pod
index 7ff74923a5..0902ae8a31 100644
--- a/doc/man3/OCSP_response_status.pod
+++ b/doc/man3/OCSP_response_status.pod
@@ -46,6 +46,7 @@ OCSP_response_create() creates and returns an I structure for I and optionally including basic response I. OCSP_RESPONSE_free() frees up OCSP response I. +If the argument is NULL, nothing is done. OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the subject name in the supplied X509 certificate I for the OCSP responder.
@@ -123,7 +124,7 @@ The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod
index 2854164bb1..772f421303 100644
--- a/doc/man3/OPENSSL_LH_COMPFUNC.pod
+++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod
@@ -144,7 +144,7 @@ Then a hash table of B> objects can be created using this: B_free>() frees the B(B>) structure I. Allocated hash table entries will not be freed; consider using B_doall>() to deallocate any remaining entries in the -hash table (see below). +hash table (see below). If the argument is NULL, nothing is done. B_flush>() empties the B(B>) structure I
. New entries can be added to the flushed table. Allocated hash table entries
@@ -326,7 +326,7 @@ was deprecated. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OPENSSL_init_crypto.pod b/doc/man3/OPENSSL_init_crypto.pod
index b2d48daeff..1363693c77 100644
--- a/doc/man3/OPENSSL_init_crypto.pod
+++ b/doc/man3/OPENSSL_init_crypto.pod
@@ -249,6 +249,7 @@ If the B flag is not included, any errors in the configuration file will cause an error return from B or indirectly L. The object can be released with OPENSSL_INIT_free() when done. +If the argument to OPENSSL_INIT_free() is NULL, nothing is done. =head1 NOTES
@@ -289,7 +290,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod
index 7dc6468f0e..20441e76ac 100644
--- a/doc/man3/OPENSSL_malloc.pod
+++ b/doc/man3/OPENSSL_malloc.pod
@@ -99,7 +99,8 @@ OPENSSL_zalloc() calls memset() to zero the memory before returning. OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used when the buffer at B holds sensitive information. The old buffer is filled with zero's by calling OPENSSL_cleanse() -before ultimately calling OPENSSL_free(). +before ultimately calling OPENSSL_free(). If the argument to OPENSSL_free() is +NULL, nothing is done. OPENSSL_cleanse() fills B of size B with a string of 0's. Use OPENSSL_cleanse() with care if the memory is a mapping of a file.
@@ -198,7 +199,7 @@ clang's memory and leak sanitizer. =head1 COPYRIGHT -Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod
index c5d4bb2dbb..1bddd77370 100644
--- a/doc/man3/OPENSSL_secure_malloc.pod
+++ b/doc/man3/OPENSSL_secure_malloc.pod
@@ -82,13 +82,15 @@ If CRYPTO_secure_malloc_init() is not called, this is equivalent to calling OPENSSL_free(). It exists for consistency with OPENSSL_secure_malloc() , and is a macro that expands to CRYPTO_secure_free() and adds the C<__FILE__> -and C<__LINE__> parameters.. +and C<__LINE__> parameters.. If the argument to OPENSSL_secure_free() +is NULL, nothing is done. OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except that it has an additional C parameter which is used to clear the memory if it was not allocated from the secure heap. If CRYPTO_secure_malloc_init() is not called, this is equivalent to -calling OPENSSL_clear_free(). +calling OPENSSL_clear_free(). If the argument to OPENSSL_secure_clear_free() +is NULL, nothing is done. OPENSSL_secure_actual_size() tells the actual size allocated to the pointer; implementations may allocate more space than initially
@@ -133,7 +135,7 @@ a B in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod
index 13629b80ec..01474ee0ba 100644
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@@ -190,6 +190,7 @@ the message timeout is set to 120 seconds, and the proof-of-possession method is set to OSSL_CRMF_POPO_SIGNATURE. OSSL_CMP_CTX_free() deallocates an OSSL_CMP_CTX structure. +If the argument is NULL, nothing is done. OSSL_CMP_CTX_reinit() prepares the given I for a further transaction by clearing the internal CMP transaction (aka session) status, PKIStatusInfo,
@@ -343,6 +344,11 @@ RFC 4210. Allow retrieving a trust anchor from extraCerts and using that to validate the certificate chain of an IP message. + This is a quirk option added to support 3GPP TS 33.310. + + Note that using this option is dangerous as the certificate obtained + this way has not been authenticated (at least not at CMP level). + Taking it over as a trust anchor implements trust-on-first-use (TOFU). =item B
@@ -385,8 +391,10 @@ If TLS is not used this defaults to the value of the environment variable C if set, else C. Otherwise defaults to the value of C if set, else C. An empty proxy string specifies not to use a proxy. -Else the format is C<[http[s]://]address[:port][/path]>, -where any path given is ignored. +Otherwise the format is +C<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>, +where any given userinfo, path, query, and fragment is ignored. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. The default port number is 80, or 443 in case C is given. OSSL_CMP_CTX_set1_no_proxy() sets the list of server hostnames not to use
@@ -642,6 +650,8 @@ If the callback argument is NULL the function tries building an approximate chain as far as possible using the same untrusted certificates from the I, and if this fails it takes the received extraCerts as fallback. The resulting cert chain can be retrieved using OSSL_CMP_CTX_get1_newChain(). +This chain excludes the leaf certificate, i.e., the newly enrolled certificate. +Also the trust anchor (the root certificate) is not included. OSSL_CMP_CTX_set_certConf_cb() sets the callback used for evaluating the newly enrolled certificate before the library sends, depending on its result,
@@ -864,7 +874,7 @@ OSSL_CMP_CTX_get0_geninfo_ITAVs() was added in OpenSSL 3.3. =head1 COPYRIGHT -Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod b/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod
index 66f0ac9030..63a49d765e 100644
--- a/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod
+++ b/doc/man3/OSSL_CMP_ITAV_new_caCerts.pod
@@ -49,6 +49,8 @@ the internal pointer to the certificate contained in the infoValue field. OSSL_CMP_ITAV_new_rootCaKeyUpdate() creates a new B structure of type B that includes an RootCaKeyUpdateContent structure with the optional I, I, and I certificates. +An RootCaKeyUpdateContent structure is included only if I +is not NULL. OSSL_CMP_ITAV_get0_rootCaKeyUpdate() requires that I has infoType B.
@@ -59,7 +61,8 @@ If I is not NULL, it assigns to I<*newWithOld> the internal pointer to the certificate contained in the newWithOld infoValue sub-field of I. If I is not NULL, it assigns to I<*oldWithNew> the internal pointer to the certificate contained in the oldWithNew infoValue sub-field of I. -Each of these pointers will be NULL if the respective sub-field is not set. +Each of these pointers will be set to NULL if no root CA certificate update +is present or the respective sub-field is not included. =head1 NOTES
@@ -88,7 +91,7 @@ were added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod
index 97321bebc0..f8f535f30b 100644
--- a/doc/man3/OSSL_CMP_MSG_get0_header.pod
+++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod
@@ -36,7 +36,7 @@ OSSL_CMP_MSG_get0_header() returns the header of the given CMP message. OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message. OSSL_CMP_MSG_get0_certreq_publickey() expects that I is a certificate request -messsage and returns the public key in its certificate template if present. +message and returns the public key in its certificate template if present. OSSL_CMP_MSG_update_transactionID() updates the transactionID field in the header of the given message according to the CMP_CTX.
@@ -157,7 +157,7 @@ OSSL_CMP_MSG_get0_certreq_publickey() was added in OpenSSL 3.3. =head1 COPYRIGHT -Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_CMP_SRV_CTX_new.pod b/doc/man3/OSSL_CMP_SRV_CTX_new.pod
index d1fd7e83b1..7484a7a049 100644
--- a/doc/man3/OSSL_CMP_SRV_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_SRV_CTX_new.pod
@@ -114,6 +114,7 @@ associated with the library context I and property query string I, both of which may be NULL to select the defaults. OSSL_CMP_SRV_CTX_free() deletes the given I. +If the argument is NULL, nothing is done. OSSL_CMP_SRV_CTX_init() sets in the given I a custom server context pointer as well as callback functions performing the specific processing of CMP
@@ -186,7 +187,7 @@ was added in OpenSSL 3.3. =head1 COPYRIGHT -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_CMP_validate_msg.pod b/doc/man3/OSSL_CMP_validate_msg.pod
index c416a49d77..af060a8eb8 100644
--- a/doc/man3/OSSL_CMP_validate_msg.pod
+++ b/doc/man3/OSSL_CMP_validate_msg.pod
@@ -42,11 +42,14 @@ using any trust store set via L. If the option OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR was set by calling L, for an Initialization Response (IP) message -any self-issued certificate from the I extraCerts field may also be used -as trust anchor for the path verification of an acceptable cert if it can be +any self-issued certificate from the I extraCerts field may be used +as a trust anchor for the path verification of an 'acceptable' cert if it can be used also to validate the issued certificate returned in the IP message. This is according to TS 33.310 [Network Domain Security (NDS); Authentication Framework -(AF)] document specified by the The 3rd Generation Partnership Project (3GPP). +(AF)] document specified by The 3rd Generation Partnership Project (3GPP). +Note that using this option is dangerous as the certificate obtained this way +has not been authenticated (at least not at CMP level). +Taking it over as a trust anchor implements trust-on-first-use (TOFU). Any cert that has been found as described above is cached and tried first when validating the signatures of subsequent messages in the same transaction.
@@ -76,7 +79,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_DECODER.pod b/doc/man3/OSSL_DECODER.pod
index c58ebf462c..633aa07f8f 100644
--- a/doc/man3/OSSL_DECODER.pod
+++ b/doc/man3/OSSL_DECODER.pod
@@ -61,6 +61,7 @@ I. OSSL_DECODER_free() decrements the reference count for the given I, and when the count reaches zero, frees it. +If the argument is NULL, nothing is done. OSSL_DECODER_get0_provider() returns the provider of the given I.
@@ -180,7 +181,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_DECODER_CTX.pod b/doc/man3/OSSL_DECODER_CTX.pod
index 034cf12c73..33b09c836d 100644
--- a/doc/man3/OSSL_DECODER_CTX.pod
+++ b/doc/man3/OSSL_DECODER_CTX.pod
@@ -126,6 +126,7 @@ decoders that have been added to the I so far. Parameters that an implementation doesn't recognise should be ignored by it. OSSL_DECODER_CTX_free() frees the given context I. +If the argument is NULL, nothing is done. OSSL_DECODER_CTX_add_decoder() populates the B I with a decoder, to be used to attempt to decode some encoded input.
@@ -249,7 +250,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod b/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
index 4b4443777a..e55212ad55 100644
--- a/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
+++ b/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
@@ -82,7 +82,7 @@ choice of preferred pass phrase callback form. These are called indirectly, through an internal L function. The internal L function caches the pass phrase, to -be re-used in all decodings that are performed in the same decoding run (for +be reused in all decodings that are performed in the same decoding run (for example, within one L call). =head2 Input Types
@@ -135,7 +135,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod
index d727154728..bbf64b0b47 100644
--- a/doc/man3/OSSL_ENCODER.pod
+++ b/doc/man3/OSSL_ENCODER.pod
@@ -61,6 +61,7 @@ I. OSSL_ENCODER_free() decrements the reference count for the given I, and when the count reaches zero, frees it. +If the argument is NULL, nothing is done. OSSL_ENCODER_get0_provider() returns the provider of the given I.
@@ -134,7 +135,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_ENCODER_CTX.pod b/doc/man3/OSSL_ENCODER_CTX.pod
index b4b5f61e13..e9248c356a 100644
--- a/doc/man3/OSSL_ENCODER_CTX.pod
+++ b/doc/man3/OSSL_ENCODER_CTX.pod
@@ -102,6 +102,7 @@ with an L array I. Parameters that the implementation doesn't recognise should be ignored. OSSL_ENCODER_CTX_free() frees the given context I. +If the argument is NULL, nothing is done. OSSL_ENCODER_CTX_add_encoder() populates the B I with a encoder, to be used to encode an input object.
@@ -211,7 +212,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_ERR_STATE_save.pod b/doc/man3/OSSL_ERR_STATE_save.pod
index 93c4b8f473..0e8e1f1fc3 100644
--- a/doc/man3/OSSL_ERR_STATE_save.pod
+++ b/doc/man3/OSSL_ERR_STATE_save.pod
@@ -46,6 +46,7 @@ for all the added entries. Any allocated data in the saved error entries is duplicated on adding to the thread state. OSSL_ERR_STATE_free() frees the saved error state I. +If the argument is NULL, nothing is done. =head1 RETURN VALUES
@@ -76,7 +77,7 @@ All of these functions were added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_HPKE_CTX_new.pod b/doc/man3/OSSL_HPKE_CTX_new.pod
index e291ec7e48..89a6fcafe1 100644
--- a/doc/man3/OSSL_HPKE_CTX_new.pod
+++ b/doc/man3/OSSL_HPKE_CTX_new.pod
@@ -240,7 +240,8 @@ I and I are used when fetching algorithms from providers and may be set to NULL. OSSL_HPKE_CTX_free() frees the I B that was created -previously by a call to OSSL_HPKE_CTX_new(). +previously by a call to OSSL_HPKE_CTX_new(). If the argument to +OSSL_HPKE_CTX_free() is NULL, nothing is done. =head2 Sender APIs
@@ -453,9 +454,9 @@ The input I should be a comma-separated string with a KEM, KDF and AEAD name in that order, for example "x25519,hkdf-sha256,aes128gcm". This can be used by command line tools that accept string form names for HPKE codepoints. Valid (case-insensitive) names are: -"p256", "p384", "p521", "x25519" and "x448" for KEM, -"hkdf-SHA256", "hkdf-SHA384" and "hkdf-SHA512" for KDF, and -"aes-gcm-128", "aes-gcm-256" and "chacha20-poly1305" for AEAD. +"p-256", "p-384", "p-521", "x25519" and "x448" for KEM, +"hkdf-sha256", "hkdf-sha384" and "hkdf-sha512" for KDF, and +"aes-gcm-128", "aes-gcm-256", "chacha20-poly1305" and "exporter" for AEAD. String variants of the numbers listed in L can also be used.
@@ -565,7 +566,7 @@ This functionality described here was added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_HTTP_REQ_CTX.pod b/doc/man3/OSSL_HTTP_REQ_CTX.pod
index d29e8120d8..a53070e49c 100644
--- a/doc/man3/OSSL_HTTP_REQ_CTX.pod
+++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod
@@ -75,6 +75,7 @@ which collects the HTTP request header lines. OSSL_HTTP_REQ_CTX_free() frees up the HTTP request context I. The I is not free'd, I will be free'd if I is set. +If the argument is NULL, nothing is done. OSSL_HTTP_REQ_CTX_set_request_line() adds the 1st HTTP request line to I. The HTTP method is determined by I,
@@ -240,7 +241,7 @@ with OSSL_HTTP_REQ_CTX_nbio() or OSSL_HTTP_REQ_CTX_exchange(). When built with tracing enabled, OSSL_HTTP_REQ_CTX_nbio() and all functions using it, such as OSSL_HTTP_REQ_CTX_exchange() and L, may be traced using B. -See also L and L. +See also L and L. =head1 RETURN VALUES
@@ -278,7 +279,7 @@ L, L, L, L, -L +L, and L. =head1 HISTORY
@@ -286,7 +287,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_HTTP_parse_url.pod b/doc/man3/OSSL_HTTP_parse_url.pod
index b9c59a9dec..bc29fb18d1 100644
--- a/doc/man3/OSSL_HTTP_parse_url.pod
+++ b/doc/man3/OSSL_HTTP_parse_url.pod
@@ -42,20 +42,25 @@ take any further default value from the C environment variable, or from C if I is nonzero. If I is NULL, take any default exclusion value from the C environment variable, or else from C. -Return the determined proxy hostname unless the exclusion contains I. +Return the determined proxy host unless the exclusion value, +which is a list of proxy hosts separated by C<,> and/or whitespace, +contains I. Otherwise return NULL. +When I is a string delimited by C<[> and C<]>, which are used for IPv6 +addresses, the enclosing C<[> and C<]> are stripped prior to comparison. OSSL_parse_url() parses its input string I as a URL of the form C<[scheme://][userinfo@]host[:port][/path][?query][#fragment]> and splits it up into scheme, userinfo, host, port, path, query, and fragment components. The host (or server) component may be a DNS name or an IP address -where IPv6 addresses should be enclosed in square brackets C<[> and C<]>. +where IPv6 addresses must be enclosed in square brackets C<[> and C<]>. The port component is optional and defaults to C<0>. If given, it must be in decimal form. If the I argument is not NULL the integer value of the port number is assigned to I<*pport_num> on success. The path component is also optional and defaults to C. Each non-NULL result pointer argument I, I, I, I, I, I, and I, is assigned the respective url component. +Any IPv6 address in I<*phost> is enclosed in C<[> and C<]>. On success, they are guaranteed to contain non-NULL string pointers, else NULL. It is the responsibility of the caller to free them using L. If I is NULL, any given query component is handled as part of the path. 
@@ -70,7 +75,7 @@ and the scheme is C, else 0. The port component is optional and defaults to C<443> if the scheme is C, else C<80>. Note that relative paths must be given with a leading C, -otherwise the first path element is interpreted as the hostname. +otherwise the first path element is interpreted as the host. Calling the deprecated function OCSP_parse_url(url, host, port, path, ssl) is equivalent to
diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod
index 323525c5b0..4d0ed6d1bb 100644
--- a/doc/man3/OSSL_HTTP_transfer.pod
+++ b/doc/man3/OSSL_HTTP_transfer.pod
@@ -77,12 +77,14 @@ If TLS is not used this defaults to the environment variable C if set, else C. If I != 0 it defaults to C if set, else C. An empty proxy string C<""> forbids using a proxy. -Else the format is +Otherwise, the format is C<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>, where any userinfo, path, query, and fragment given is ignored. +If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. The default proxy port number is 80, or 443 in case "https:" is given. The HTTP client functions connect via the given proxy unless the I -is found in the optional list I of proxy hostnames (if not NULL; +is found in the optional list I of proxy hostnames or IP addresses +separated by C<,> and/or whitespace (if not NULL; default is the environment variable C if set, else C). Proxying plain HTTP is supported directly, while using a proxy for HTTPS connections requires a suitable callback function
@@ -260,7 +262,7 @@ other HTTP client implementations such as wget, curl, and git. When built with tracing enabled, OSSL_HTTP_transfer() and all functions using it may be traced using B. -See also L and L. +See also L and L. =head1 RETURN VALUES
@@ -284,7 +286,7 @@ OSSL_HTTP_close() returns 0 if anything went wrong while disconnecting, else 1. L, L, L, L, L, -L +L, and L. =head1 HISTORY
diff --git a/doc/man3/OSSL_LIB_CTX.pod b/doc/man3/OSSL_LIB_CTX.pod
index cf8bd8b067..ad203299e9 100644
--- a/doc/man3/OSSL_LIB_CTX.pod
+++ b/doc/man3/OSSL_LIB_CTX.pod
@@ -88,7 +88,7 @@ This can be used to associate a library context with providers that are loaded from a configuration. OSSL_LIB_CTX_free() frees the given I, unless it happens to be the -default OpenSSL library context. +default OpenSSL library context. If the argument is NULL, nothing is done. OSSL_LIB_CTX_get0_global_default() returns a concrete (non NULL) reference to the global default library context.
@@ -126,7 +126,7 @@ All of the functions described on this page were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod
index 1e5bf06cf7..22fd0f0d7d 100644
--- a/doc/man3/OSSL_PARAM.pod
+++ b/doc/man3/OSSL_PARAM.pod
@@ -11,7 +11,7 @@ OSSL_PARAM - a structure to pass or request object parameters typedef struct ossl_param_st OSSL_PARAM; struct ossl_param_st { const char *key; /* the name of the parameter */ - unsigned char data_type; /* declare what kind of content is in data */ + unsigned int data_type; /* declare what kind of content is in data */ void *data; /* value being passed in or out */ size_t data_size; /* data size */ size_t return_size; /* returned size */
diff --git a/doc/man3/OSSL_PARAM_BLD.pod b/doc/man3/OSSL_PARAM_BLD.pod
index 639f7bb595..a9dea41211 100644
--- a/doc/man3/OSSL_PARAM_BLD.pod
+++ b/doc/man3/OSSL_PARAM_BLD.pod
@@ -53,6 +53,7 @@ so that values can be added. Any existing values are cleared. OSSL_PARAM_BLD_free() deallocates the memory allocates by OSSL_PARAM_BLD_new(). +If the argument is NULL, nothing is done. OSSL_PARAM_BLD_to_param() converts a built up OSSL_PARAM_BLD structure I into an allocated OSSL_PARAM array.
@@ -206,7 +207,7 @@ The functions described here were all added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_PARAM_dup.pod b/doc/man3/OSSL_PARAM_dup.pod
index 4ae33faf1e..c8d109a227 100644
--- a/doc/man3/OSSL_PARAM_dup.pod
+++ b/doc/man3/OSSL_PARAM_dup.pod
@@ -32,6 +32,7 @@ array that have the same key. OSSL_PARAM_free() frees the parameter array I that was created using OSSL_PARAM_dup(), OSSL_PARAM_merge() or OSSL_PARAM_BLD_to_param(). +If the argument to OSSL_PARAM_free() is NULL, nothing is done. =head1 RETURN VALUES
@@ -49,7 +50,7 @@ The functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_SELF_TEST_new.pod b/doc/man3/OSSL_SELF_TEST_new.pod
index 4c4b10fca9..c46becd1ad 100644
--- a/doc/man3/OSSL_SELF_TEST_new.pod
+++ b/doc/man3/OSSL_SELF_TEST_new.pod
@@ -32,6 +32,7 @@ The callback I may be triggered multiple times by a self test to indicate different phases. OSSL_SELF_TEST_free() frees the space allocated by OSSL_SELF_TEST_new().
+If the argument is NULL, nothing is done.
 OSSL_SELF_TEST_onbegin() may be inserted at the start of a block of self test code. It can be used for diagnostic purposes.
@@ -165,7 +166,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod
index 39bb93fbf5..b8332855d4 100644
--- a/doc/man3/OSSL_STORE_INFO.pod
+++ b/doc/man3/OSSL_STORE_INFO.pod
@@ -101,6 +101,7 @@ holds if the B type (as returned by OSSL_STORE_INFO_get_type()) matches the function, otherwise NULL. OSSL_STORE_INFO_free() frees a B and its contained type.
+If the argument is NULL, nothing is done.
 OSSL_STORE_INFO_new_NAME() , OSSL_STORE_INFO_new_PARAMS(), , OSSL_STORE_INFO_new_PUBKEY(), OSSL_STORE_INFO_new_PKEY(),
@@ -221,7 +222,7 @@ The OSSL_STORE_INFO_PUBKEY object type was added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod
index c008e397e1..b4fcc7efe9 100644
--- a/doc/man3/OSSL_STORE_LOADER.pod
+++ b/doc/man3/OSSL_STORE_LOADER.pod
@@ -105,7 +105,6 @@ see L: typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader, OSSL_STORE_close_fn store_close_function);
- void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader);
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
 OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
@@ -126,6 +125,7 @@ I. OSSL_STORE_LOADER_free() decrements the reference count for the given I, and when the count reaches zero, frees it.
+If the argument is NULL, nothing is done.
 OSSL_STORE_LOADER_get0_provider() returns the provider of the given I.
@@ -297,6 +297,7 @@ OSSL_STORE_LOADER_set_close() sets the closing function for the I. OSSL_STORE_LOADER_free() frees the given I.
+If the argument is NULL, nothing is done.
 OSSL_STORE_register_loader() register the given I and thereby makes it available for use with OSSL_STORE_open(),
@@ -358,21 +359,25 @@ L
 =head1 HISTORY
 OSSL_STORE_LOADER_fetch(), OSSL_STORE_LOADER_up_ref(),
-OSSL_STORE_LOADER_free(), OSSL_STORE_LOADER_get0_provider(),
-OSSL_STORE_LOADER_get0_properties(), OSSL_STORE_LOADER_is_a(),
-OSSL_STORE_LOADER_do_all_provided() and
-OSSL_STORE_LOADER_names_do_all() were added in OpenSSL 3.0.
+OSSL_STORE_LOADER_get0_provider(), OSSL_STORE_LOADER_get0_properties(),
+OSSL_STORE_LOADER_get0_description(), OSSL_STORE_LOADER_is_a(),
+OSSL_STORE_LOADER_do_all_provided() and OSSL_STORE_LOADER_names_do_all()
+were added in OpenSSL 3.0.
-OSSL_STORE_open_ex_fn() was added in OpenSSL 3.0.
+B and OSSL_STORE_LOADER_free() were added in OpenSSL
+1.1.1.
-B, B, OSSL_STORE_LOADER_new(),
+OSSL_STORE_LOADER_set_open_ex() and OSSL_STORE_open_ex_fn() were added in
+OpenSSL 3.0, and are deprecated.
+
+B, OSSL_STORE_LOADER_new(),
 OSSL_STORE_LOADER_set0_scheme(), OSSL_STORE_LOADER_get0_scheme(), OSSL_STORE_LOADER_get0_engine(), OSSL_STORE_LOADER_set_expect(), OSSL_STORE_LOADER_set_find(), OSSL_STORE_LOADER_set_attach(), OSSL_STORE_LOADER_set_open_ex(), OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_ctrl(), OSSL_STORE_LOADER_set_load(), OSSL_STORE_LOADER_set_eof(),
-OSSL_STORE_LOADER_set_close(), OSSL_STORE_LOADER_free(),
+OSSL_STORE_LOADER_set_close(),
 OSSL_STORE_register_loader(), OSSL_STORE_LOADER_set_error(), OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(), OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn()
@@ -380,7 +385,7 @@ were added in OpenSSL 1.1.1, and became deprecated in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_STORE_SEARCH.pod b/doc/man3/OSSL_STORE_SEARCH.pod
index 79186b0899..bd512890c6 100644
--- a/doc/man3/OSSL_STORE_SEARCH.pod
+++ b/doc/man3/OSSL_STORE_SEARCH.pod
@@ -75,6 +75,7 @@ criterion, so they must have at least the same life time as the created B. OSSL_STORE_SEARCH_free() is used to free the B.
+If the argument is NULL, nothing is done.
 =head2 Loader Functions
@@ -183,7 +184,7 @@ were added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OSSL_trace_enabled.pod b/doc/man3/OSSL_trace_enabled.pod
index da78eba234..987dd7f91a 100644
--- a/doc/man3/OSSL_trace_enabled.pod
+++ b/doc/man3/OSSL_trace_enabled.pod
@@ -97,9 +97,10 @@ I is enabled, i.e., if the tracing facility has been statically enabled (see L below) and a trace channel has been registered using L or L.
-OSSL_trace_begin() is used to starts a tracing section, and get the
-channel for the given I in form of a BIO.
+OSSL_trace_begin() is used to start a tracing section,
+and get the channel for the given I in form of a BIO.
 This BIO can only be used for output.
+The pointer returned is NULL if the category is invalid or not enabled.
 OSSL_trace_end() is used to end a tracing section.
@@ -211,6 +212,9 @@ expands to
 =head1 NOTES
+It is not needed to guard trace output function calls like
+I by I.
+
 If producing the trace output requires carrying out auxiliary calculations, this auxiliary code should be placed inside a conditional block which is executed only if the trace category is enabled.
diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod
index ac93920add..f1635b8980 100644
--- a/doc/man3/PEM_read_bio_PrivateKey.pod
+++ b/doc/man3/PEM_read_bio_PrivateKey.pod
@@ -320,7 +320,9 @@ NULL but I<*x> is NULL then the structure returned will be written to I<*x>. If neither I nor I<*x> is NULL then an attempt is made to reuse the structure at I<*x> (but see BUGS and EXAMPLES sections). Irrespective of the value of I a pointer to the structure is always
-returned (or NULL if an error occurred).
+returned (or NULL if an error occurred). The caller retains ownership of the
+returned object and needs to free it when it is no longer needed, e.g.
+using X509_free() for X509 objects or EVP_PKEY_free() for EVP_PKEY objects.
 The PEM functions which write private keys take an I parameter which specifies the encryption algorithm to use, encryption is done
@@ -574,7 +576,7 @@ PEM_write_bio_DHparams() and PEM_write_DHparams() were deprecated in 3.0.
 =head1 COPYRIGHT
-Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod
index 09fc895f18..5dae7fccb7 100644
--- a/doc/man3/PKCS12_create.pod
+++ b/doc/man3/PKCS12_create.pod
@@ -126,7 +126,7 @@ standards.
 =head1 COPYRIGHT
-Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/RAND_set_DRBG_type.pod b/doc/man3/RAND_set_DRBG_type.pod
index f78c15ff45..423ebfad65 100644
--- a/doc/man3/RAND_set_DRBG_type.pod
+++ b/doc/man3/RAND_set_DRBG_type.pod
@@ -27,7 +27,7 @@ private random instances. RAND_set_seed_source_type() specifies the seed source that will be used within the library context I. The seed source of name I with properties I will be fetched and used to seed the primary
-random big generator.
+random bit generator.
 =head1 RETURN VALUES
@@ -54,7 +54,7 @@ These functions were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/RSA_meth_new.pod b/doc/man3/RSA_meth_new.pod
index 6c8eda1615..40f9bc4e82 100644
--- a/doc/man3/RSA_meth_new.pod
+++ b/doc/man3/RSA_meth_new.pod
@@ -147,7 +147,7 @@ passed as a parameter. This might be useful for creating a new B based on an existing one, but with some differences. RSA_meth_free() destroys an B structure and frees up any
-memory associated with it.
+memory associated with it. If the argument is NULL, nothing is done.
 RSA_meth_get0_name() will return a pointer to the name of this RSA_METHOD. This is a pointer to the internal name string and so
@@ -260,7 +260,7 @@ Other functions described here were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod
index 2ae6c7f290..cbe4e22611 100644
--- a/doc/man3/RSA_public_encrypt.pod
+++ b/doc/man3/RSA_public_encrypt.pod
@@ -94,10 +94,17 @@ design. Prefer RSA_PKCS1_OAEP_PADDING. In OpenSSL before version 3.2.0, both the return value and the length of returned value could be used to mount the Bleichenbacher attack.
-Since version 3.2.0, OpenSSL does not return an error in case of padding
-checks failed. Instead it generates a random message based on used private
+Since version 3.2.0, the default provider in OpenSSL does not return an
+error when padding checks fail. Instead it generates a random
+message based on used private
 key and provided ciphertext so that application code doesn't have to implement a side-channel secure error handling.
+Applications that want to be secure against side-channel attacks with
+providers that don't implement implicit rejection, still need to
+handle the returned values using side-channel free code.
+Side-channel free handling of the error stack can be performed using
+either a pair of unconditional L and L
+calls or by using the L call.
 =head1 CONFORMING TO
@@ -106,7 +113,7 @@ SSL, PKCS #1 v2.0
 =head1 SEE ALSO
 L, L,
-L
+L, L, L
 =head1 HISTORY
@@ -114,7 +121,7 @@ Both of these functions were deprecated in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SCT_new.pod b/doc/man3/SCT_new.pod
index 2357627219..a20affd38a 100644
--- a/doc/man3/SCT_new.pod
+++ b/doc/man3/SCT_new.pod
@@ -166,6 +166,12 @@ SCT_set_source() can be used to record where the SCT was found (TLS extension, X.509 certificate extension or OCSP response). This is not required for verifying the SCT.
+SCT_free() frees the specified SCT.
+If the argument is NULL, nothing is done.
+
+SCT_LIST_free() frees the specified stack of SCTs.
+If the argument is NULL, nothing is done.
+
 =head1 NOTES
 Some of the setters return int, instead of void. These will all return 1 on
@@ -210,7 +216,7 @@ These functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod
index 44af9d6dfe..09b7280bdd 100644
--- a/doc/man3/SSL_CIPHER_get_name.pod
+++ b/doc/man3/SSL_CIPHER_get_name.pod
@@ -109,7 +109,7 @@ cipher B. SSL_CIPHER_description() returns a textual description of the cipher used into the buffer B of length B provided. If B is provided, it
-must be at least 128 bytes, otherwise a buffer will be allocated using
+must be at least 128 bytes. If B is NULL it will be allocated using
 OPENSSL_malloc(). If the provided buffer is too small, or the allocation fails, B is returned.
@@ -203,7 +203,7 @@ The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 5dc468dc2e..136ccd56a3 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -118,15 +118,18 @@ algorithms to support. The B argument should be a colon separated list of signature algorithms in order of decreasing preference of the form B
-or B. B is one of B, B or B and
+or B. For the default providers shipped with OpenSSL,
+B is one of B, B or B and
 B is a supported algorithm OID short name such as B, B,
-B, B of B. Note: algorithm and hash names are case
+B, B or B. Note: algorithm and hash names are case
 sensitive. B is one of the signature schemes defined in TLSv1.3, specified using the IETF name, e.g., B,
-B, or B.
+B, or B. Additional providers may make available
+further algorithms via the TLS_SIGALG capability.
+See L.
-If this option is not set then all signature algorithms supported by the
-OpenSSL library are permissible.
+If this option is not set then all signature algorithms supported by all
+activated providers are permissible.
 Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by using B as the B or by using one of the B
@@ -369,16 +372,19 @@ servers it is used to determine which signature algorithms to support. The B argument should be a colon separated list of signature algorithms in order of decreasing preference of the form B or
-B. B
-is one of B, B or B and B is a supported algorithm
-OID short name such as B, B, B, B of B.
+B. For the default providers shipped with OpenSSL,
+B is one of B, B or B and B is a supported
+algorithm OID short name such as B, B, B, B
+or B.
 Note: algorithm and hash names are case sensitive. B is one of the signature schemes defined in TLSv1.3, specified using the IETF name, e.g., B, B, or B.
+Additional providers may make available further algorithms via the TLS_SIGALG
+capability. See L.
-If this option is not set then all signature algorithms supported by the
-OpenSSL library are permissible.
+If this option is not set then all signature algorithms supported by all
+activated providers are permissible.
 Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by using B as the B or by using one of the B
@@ -796,7 +802,7 @@ B was added in OpenSSL 3.3.
 =head1 COPYRIGHT
-Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod
index f467f93659..627d9e7f0d 100644
--- a/doc/man3/SSL_CTX_new.pod
+++ b/doc/man3/SSL_CTX_new.pod
@@ -104,10 +104,12 @@ On session establishment, by default, no peer credentials verification is done. This must be explicitly requested, typically using L. For verifying peer certificates many options can be set using various functions such as L and L.
-The L function can be used, also in conjunction
-with L, to set the intended purpose of the session.
-The default is B on the client side
+
+The SSL/(D)TLS implementation uses the L
+function to prepare checks for B on the client side
 and B on the server side.
+The L function can be used, also in conjunction
+with L, to override the default purpose of the session.
 The SSL_CTX object uses I as the connection method. Three method variants are available: a generic method (for either client or
@@ -228,7 +230,7 @@ SSL_CTX_up_ref() returns 1 for success and 0 for failure.
 =head1 SEE ALSO
-L, L,
+L, L, L,
 SSL_CTX_set_verify(3), L, L, L, L, L, L, L
diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod
index f0566e148e..1ebabfb481 100644
--- a/doc/man3/SSL_CTX_set1_curves.pod
+++ b/doc/man3/SSL_CTX_set1_curves.pod
@@ -43,22 +43,46 @@ When setting such groups applications should use the "list" form of these functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list). SSL_CTX_set1_groups() sets the supported groups for B to B
-groups in the array B. The array consist of all NIDs of groups in
-preference order. For a TLS client the groups are used directly in the
-supported groups extension. For a TLS server the groups are used to
-determine the set of shared groups. Currently supported groups for
-B are B, B, B,
-B, B, B,
-B, B, B,
-B, B, B and B.
+groups in the array B. The array consist of all NIDs of supported groups.
+Currently supported groups for B are B,
+B, B, B, B,
+B, B,
+B, B, B,
+B, B and B.
+OpenSSL will use this array in different ways depending on TLS role and version:
+
+=over 4
+
+=item For a TLS client, the groups are used directly in the supported groups
+extension. The extension's preference order, to be evaluated by the server, is
+determined by the order of the elements in the array.
+
+=item For a TLS 1.2 server, the groups determine the selected group. If
+B is set, the order of the elements in the
+array determines the selected group. Otherwise, the order is ignored and the
+client's order determines the selection.
+
+=item For a TLS 1.3 server, the groups determine the selected group, but
+selection is more complex. A TLS 1.3 client sends both a group list as well as a
+predicted subset of groups. Choosing a group outside the predicted subset incurs
+an extra roundtrip. However, in some situations, the most preferred group may
+not be predicted. OpenSSL considers all supported groups to be comparable in
+security and prioritizes avoiding roundtrips above either client or server
+preference order. If an application uses an external provider to extend OpenSSL
+with, e.g., a post-quantum algorithm, this behavior may allow a network attacker
+to downgrade connections to a weaker algorithm.
+
+=back
 SSL_CTX_set1_groups_list() sets the supported groups for B to string B. The string is a colon separated list of group names, for example
-"P-521:P-384:P-256:X25519:ffdhe2048". Currently supported groups for B
-are B, B, B, B, B, B,
-B, B, B, B,
-B, B and B. Support for other groups may be
-added by external providers. If a group name is preceded with the C
+"P-521:P-384:P-256:X25519:ffdhe2048". The groups are used as in
+SSL_CTX_set1_groups(), described above. Currently supported groups for
+B are B, B, B, B, B,
+B, B, B,
+B, B, B, B and B. Support
+for other groups may be added by external providers, however note the discussion
+on TLS 1.3 selection criteria above. If a group name is preceded with the C
 character, it will be ignored if an implementation is missing. SSL_set1_groups() and SSL_set1_groups_list() are similar except they set
@@ -146,9 +170,13 @@ was added in OpenSSL 3.0.0. Support for ignoring unknown groups in SSL_CTX_set1_groups_list() and SSL_set1_groups_list() was added in OpenSSL 3.3.
+Earlier versions of this document described the list as a preference order.
+However, OpenSSL's behavior as a TLS 1.3 server is to consider I
+supported groups as comparable in security.
+
 =head1 COPYRIGHT
-Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod
index 5b7de7d956..c384065bfc 100644
--- a/doc/man3/SSL_CTX_set1_sigalgs.pod
+++ b/doc/man3/SSL_CTX_set1_sigalgs.pod
@@ -117,7 +117,7 @@ was added in OpenSSL 3.3.
 =head1 COPYRIGHT
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
index 05fee2fbec..dd5517df4d 100644
--- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod
+++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to set the list of protocols available to be negotiated. The B must be in protocol-list format, described below. The length of B is specified in
-B.
+B. Setting B to 0 clears any existing list of ALPN
+protocols and no ALPN extension will be sent to the server.
 SSL_CTX_set_alpn_select_cb() sets the application callback B used by a server to select which protocol to use for the incoming connection. When B
@@ -73,9 +74,16 @@ B and B, B must be in the protocol-list format described below. The first item in the B, B list that matches an item in the B, B list is selected, and returned in B, B. The B value will point into either B or
-B, so it should be copied immediately. If no match is found, the first
-item in B, B is returned in B, B. This
-function can also be used in the NPN callback.
+B, so it should be copied immediately. The client list must include at
+least one valid (nonempty) protocol entry in the list.
+
+The SSL_select_next_proto() helper function can be useful from either the ALPN
+callback or the NPN callback (described below). If no match is found, the first
+item in B, B is returned in B, B and
+B is returned. This can be useful when implementing
+the NPN callback. In the ALPN case, the value returned in B and B
+must be ignored if B has been returned from
+SSL_select_next_proto().
 SSL_CTX_set_next_proto_select_cb() sets a callback B that is called when a client needs to select a protocol from the server's provided list, and a
@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B). The length of the protocol name must be written into B. The server's advertised protocols are provided in B and B. The callback can assume that B is syntactically valid. The client must
-select a protocol. It is fatal to the connection if this callback returns
-a value other than B. The B parameter is the pointer
-set via SSL_CTX_set_next_proto_select_cb().
+select a protocol (although it may be an empty, zero length protocol). It is
+fatal to the connection if this callback returns a value other than
+B or if the zero length protocol is selected. The B
+parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().
 SSL_CTX_set_next_protos_advertised_cb() sets a callback B that is called when a TLS server needs a list of supported protocols for Next Protocol
@@ -154,7 +163,8 @@ A match was found and is returned in B, B.
 =item OPENSSL_NPN_NO_OVERLAP
 No match was found. The first item in B, B is returned in
-B, B.
+B, B (or B and 0 in the case where the first entry in
+B is invalid).
 =back
@@ -192,7 +202,7 @@ L
 =head1 COPYRIGHT
-Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_cert_store.pod b/doc/man3/SSL_CTX_set_cert_store.pod
index f1fef9e649..246f413136 100644
--- a/doc/man3/SSL_CTX_set_cert_store.pod
+++ b/doc/man3/SSL_CTX_set_cert_store.pod
@@ -16,7 +16,9 @@ SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store - manipu SSL_CTX_set_cert_store() sets/replaces the certificate verification storage of B to/with B. If another X509_STORE object is currently
-set in B, it will be X509_STORE_free()ed.
+set in B, it will be X509_STORE_free()ed. SSL_CTX_set_cert_store() will
+take ownership of the B, i.e., the call C is no
+longer needed.
 SSL_CTX_set1_cert_store() sets/replaces the certificate verification storage of B to/with B. The B's reference count is incremented.
@@ -79,7 +81,7 @@ L
 =head1 COPYRIGHT
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_cipher_list.pod b/doc/man3/SSL_CTX_set_cipher_list.pod
index 71f399400c..08d7693f42 100644
--- a/doc/man3/SSL_CTX_set_cipher_list.pod
+++ b/doc/man3/SSL_CTX_set_cipher_list.pod
@@ -52,7 +52,7 @@ ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are:
 =back
-An empty list is permissible. The default value for the this setting is:
+An empty list is permissible. The default value for this setting is:
 "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
@@ -119,7 +119,7 @@ OSSL_default_cipher_list() and OSSL_default_ciphersites() are new in 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
index f289383c78..e4871590f7 100644
--- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -126,9 +126,9 @@ The I key material can be set using L.
 =head1 NOTES
-Session resumption shortcuts the TLS so that the client certificate
-negotiation don't occur. It makes up for this by storing client certificate
-an all other negotiated state information encrypted within the ticket. In a
+Session resumption shortcuts the TLS handshake so that the client certificate
+negotiation doesn't occur. It makes up for this by storing the client certificate
+and all other negotiated state information encrypted within the ticket. In a
 resumed session the applications will have all this state information available exactly as if a full negotiation had occurred.
@@ -241,7 +241,7 @@ OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod
index ac6a42c191..1ae533b71e 100644
--- a/doc/man3/SSL_CTX_set_verify.pod
+++ b/doc/man3/SSL_CTX_set_verify.pod
@@ -144,6 +144,9 @@ B ignored (see BUGS) If the B is SSL_VERIFY_NONE none of the other flags may be set.
+If verification flags are not modified explicitly by C
+or C, the default value will be SSL_VERIFY_NONE.
+
 The actual verification procedure is performed either using the built-in verification procedure or using another application provided verification function set with
@@ -366,7 +369,7 @@ and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_use_certificate.pod b/doc/man3/SSL_CTX_use_certificate.pod
index 0d9ba74042..dd6f831b86 100644
--- a/doc/man3/SSL_CTX_use_certificate.pod
+++ b/doc/man3/SSL_CTX_use_certificate.pod
@@ -68,7 +68,7 @@ SSL_use_certificate() loads B into B. The rest of the certificates needed to form the complete certificate chain can be specified using the L
-function.
+function. On success the reference counter of the B is incremented.
 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from the memory location B (with length B) into B,
@@ -97,6 +97,7 @@ to the certificate an error is returned. To change a [certificate/private-key] pair, the new certificate needs to be set first with SSL_use_certificate() or SSL_CTX_use_certificate() before setting the private key with SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey().
+On success the reference counter of the B/B is incremented.
 SSL_CTX_use_cert_and_key() and SSL_use_cert_and_key() assign the X.509 certificate B, private key B, and certificate B onto the
@@ -195,7 +196,7 @@ L
 =head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod
index f560e7751d..e2d0540582 100644
--- a/doc/man3/SSL_SESSION_get0_hostname.pod
+++ b/doc/man3/SSL_SESSION_get0_hostname.pod
@@ -24,10 +24,8 @@ SSL_SESSION_set1_alpn_selected
 =head1 DESCRIPTION
 SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the
-client when the session was created if it was accepted by the server and TLSv1.2
-or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the
-SNI hostname is negotiated with each handshake including resumption handshakes
-and is therefore never associated with the session.
+client when the session was created if it was accepted by the server. Otherwise
+NULL is returned.
 The value returned is a pointer to memory maintained within B and should not be free'd.
diff --git a/doc/man3/SSL_SESSION_get_time.pod b/doc/man3/SSL_SESSION_get_time.pod
index cdab6da4ae..5c9adc1ee5 100644
--- a/doc/man3/SSL_SESSION_get_time.pod
+++ b/doc/man3/SSL_SESSION_get_time.pod
@@ -79,7 +79,7 @@ L
 =head1 COPYRIGHT
-Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_get_conn_close_info.pod b/doc/man3/SSL_get_conn_close_info.pod
index badb3bf7a6..5ff0cbb803 100644
--- a/doc/man3/SSL_get_conn_close_info.pod
+++ b/doc/man3/SSL_get_conn_close_info.pod
@@ -167,7 +167,7 @@ This function was added in OpenSSL 3.2.
 =head1 COPYRIGHT
-Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod
index a205d2ae1a..794598facb 100644
--- a/doc/man3/SSL_get_error.pod
+++ b/doc/man3/SSL_get_error.pod
@@ -192,7 +192,7 @@ The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_get_peer_certificate.pod b/doc/man3/SSL_get_peer_certificate.pod
index 7885188eed..1897a43ebe 100644
--- a/doc/man3/SSL_get_peer_certificate.pod
+++ b/doc/man3/SSL_get_peer_certificate.pod
@@ -74,7 +74,7 @@ SSL_get_peer_certificate() was deprecated in 3.0.0.
 =head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_get_shared_sigalgs.pod b/doc/man3/SSL_get_shared_sigalgs.pod
index c18114cdf4..cb9ce02500 100644
--- a/doc/man3/SSL_get_shared_sigalgs.pod
+++ b/doc/man3/SSL_get_shared_sigalgs.pod
@@ -64,7 +64,7 @@ ordered according to configuration and peer preferences. The raw values correspond to the on the wire form as defined by RFC5246 et al. The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and rsa(1) then B<*rhash> would be 4, B<*rsign> 1, B<*phash> NID_sha256, B<*psig>
-NID_rsaEncryption and B<*psighash> NID_sha256WithRSAEncryption.
+NID_rsaEncryption and B<*psignhash> NID_sha256WithRSAEncryption.
 If a signature algorithm is not recognised the corresponding NIDs will be set to B. This may be because the value is not supported,
diff --git a/doc/man3/SSL_group_to_name.pod b/doc/man3/SSL_group_to_name.pod
index f1a706b421..d23bed8ed4 100644
--- a/doc/man3/SSL_group_to_name.pod
+++ b/doc/man3/SSL_group_to_name.pod
@@ -33,7 +33,7 @@ L
 =head1 COPYRIGHT
-Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod
index 117f6bb1a9..08a6c15e46 100644
--- a/doc/man3/SSL_load_client_CA_file.pod
+++ b/doc/man3/SSL_load_client_CA_file.pod
@@ -112,7 +112,7 @@ were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_set_bio.pod b/doc/man3/SSL_set_bio.pod
index 5cb2a9a427..07f46ab4d7 100644
--- a/doc/man3/SSL_set_bio.pod
+++ b/doc/man3/SSL_set_bio.pod
@@ -23,6 +23,9 @@ function, any existing B that was previously set will also be freed via a call to L (this includes the case where the B is set to the same value as previously).
+If using a custom BIO, B must implement either
+L or L.
+
 SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects the BIO B for the write operations of the B object. Note that if the rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take
@@ -30,6 +33,12 @@ ownership of one reference. Therefore, it may be necessary to increment the number of references available using L before calling the set0 functions.
+If using a custom BIO, B must implement
+L or L. It additionally must
+implement L using B and L.
+If flushing is unnecessary with B, L should return one and
+do nothing.
+
 SSL_set_bio() is similar to SSL_set0_rbio() and SSL_set0_wbio() except that it connects both the B and the B at the same time, and transfers the ownership of B and B to B according to
diff --git a/doc/man3/SSL_set_session_secret_cb.pod b/doc/man3/SSL_set_session_secret_cb.pod
new file mode 100644
index 0000000000..e79d81d40a
--- /dev/null
+++ b/doc/man3/SSL_set_session_secret_cb.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+SSL_set_session_secret_cb, tls_session_secret_cb_fn
+- set the session secret callback
+
+=head1 SYNOPSIS
+
+ #include
+
+ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+ STACK_OF(SSL_CIPHER) *peer_ciphers,
+ const SSL_CIPHER **cipher, void *arg);
+
+ int SSL_set_session_secret_cb(SSL *s,
+ tls_session_secret_cb_fn session_secret_cb,
+ void *arg);
+
+=head1 DESCRIPTION
+
+SSL_set_session_secret_cb() sets the session secret callback to be used
+(I), and an optional argument (I) to be passed to that
+callback when it is called. This is only useful for an implementation of
+EAP-FAST (RFC4851). The presence of the callback also modifies the internal
+OpenSSL TLS state machine to match the modified TLS behaviour as described in
+RFC4851. Therefore this callback should not be used except when implementing
+EAP-FAST.
+
+The callback is expected to set the master secret to be used by filling in the
+data pointed to by I<*secret>. The size of the secret buffer is initially
+available in I<*secret_len> and may be updated by the callback (but must not be
+larger than the initial value).
+
+On the server side the set of ciphersuites offered by the peer is provided in
+the I stack. Optionally the callback may select the preferred
+ciphersuite by setting it in I<*cipher>.
+
+On the client side the I stack will always be NULL. The callback
+may specify the preferred cipher in I<*cipher> and this will be associated with
+the B - but it does not affect the ciphersuite selected by the
+server.
+
+The callback is also supplied with an additional argument in I which is the
+argument that was provided to the original SSL_set_session_secret_cb() call.
+
+=head1 RETURN VALUES
+
+SSL_set_session_secret_cb() returns 1 on success and 0 on failure.
+
+If the callback returns 1 then this indicates it has successfully set the
+secret. A return value of 0 indicates that the secret has not been set.
On the
+client this will cause an immediate abort of the handshake.
+
+=head1 SEE ALSO
+
+L,
+L
+
+=head1 COPYRIGHT
+
+Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod
index 3a63ff1fec..0866c612d4 100644
--- a/doc/man3/SSL_write.pod
+++ b/doc/man3/SSL_write.pod
@@ -198,7 +198,7 @@ The SSL_sendfile() function was added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/TS_RESP_CTX_new.pod b/doc/man3/TS_RESP_CTX_new.pod
index 725a1921d1..01fd23a10e 100644
--- a/doc/man3/TS_RESP_CTX_new.pod
+++ b/doc/man3/TS_RESP_CTX_new.pod
@@ -27,6 +27,7 @@ and property query to NULL. This results in the default (NULL) library context being used for any operations requiring algorithm fetches. TS_RESP_CTX_free() frees the B object I.
+If the argument is NULL, nothing is done.
 =head1 RETURN VALUES
@@ -39,7 +40,7 @@ The function TS_RESP_CTX_new_ex() was added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod
index 4a2e81b0db..88294ff710 100644
--- a/doc/man3/X509V3_get_d2i.pod
+++ b/doc/man3/X509V3_get_d2i.pod
@@ -108,6 +108,7 @@ The function X509V3_get_d2i() and its variants will return NULL if the extension is not found, occurs multiple times or cannot be decoded. It is possible to determine the precise reason by checking the value of I<*crit>.
+The returned pointer must be explicitly freed.
 The function X509V3_add1_i2d() and its variants allocate B objects on STACK I<*x> depending on I. The B objects
@@ -236,7 +237,7 @@ L
 =head1 COPYRIGHT
-Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509V3_set_ctx.pod b/doc/man3/X509V3_set_ctx.pod
index cce5155fec..6f9af309f4 100644
--- a/doc/man3/X509V3_set_ctx.pod
+++ b/doc/man3/X509V3_set_ctx.pod
@@ -45,8 +45,7 @@ to provide fallback data for the authority key identifier extension.
 =head1 RETURN VALUES
-X509V3_set_ctx() and X509V3_set_issuer_pkey()
-return 1 on success and 0 on error.
+X509V3_set_issuer_pkey() returns 1 on success and 0 on error.
 =head1 SEE ALSO
@@ -60,7 +59,7 @@ CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.
 =head1 COPYRIGHT
-Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_ATTRIBUTE.pod b/doc/man3/X509_ATTRIBUTE.pod
index 1eacf3ee3d..f2f7597d0b 100644
--- a/doc/man3/X509_ATTRIBUTE.pod
+++ b/doc/man3/X509_ATTRIBUTE.pod
@@ -253,7 +253,7 @@ L,
 =head1 COPYRIGHT
-Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_LOOKUP.pod b/doc/man3/X509_LOOKUP.pod
index f888d28467..de4eca7fda 100644
--- a/doc/man3/X509_LOOKUP.pod
+++ b/doc/man3/X509_LOOKUP.pod
@@ -85,6 +85,7 @@ X509_LOOKUP_shutdown() tears down the internal state and resources of the given B. X509_LOOKUP_free() destructs the given B.
+If the argument is NULL, nothing is done.
 X509_LOOKUP_set_method_data() and X509_LOOKUP_get_method_data() associates and retrieves a pointer to application data to and from the
@@ -237,7 +238,7 @@ added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_LOOKUP_meth_new.pod b/doc/man3/X509_LOOKUP_meth_new.pod
index 49776e7126..19faae2e5f 100644
--- a/doc/man3/X509_LOOKUP_meth_new.pod
+++ b/doc/man3/X509_LOOKUP_meth_new.pod
@@ -110,6 +110,7 @@ be given a human-readable string containing a brief description of the lookup method. X509_LOOKUP_meth_free() destroys a B structure.
+If the argument is NULL, nothing is done.
 X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the function that is called when an B object is created with
@@ -187,7 +188,7 @@ The functions described here were added in OpenSSL 1.1.0i.
 =head1 COPYRIGHT
-Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_REQ_get_attr.pod b/doc/man3/X509_REQ_get_attr.pod
index a85d8399b0..f2217bd537 100644
--- a/doc/man3/X509_REQ_get_attr.pod
+++ b/doc/man3/X509_REQ_get_attr.pod
@@ -101,7 +101,7 @@ L
 =head1 COPYRIGHT
-Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod
index 17c8bc73bf..c219cee9d6 100644
--- a/doc/man3/X509_STORE_CTX_new.pod
+++ b/doc/man3/X509_STORE_CTX_new.pod
@@ -85,7 +85,10 @@ If I is NULL nothing is done. X509_STORE_CTX_init() sets up I for a subsequent verification operation. X509_STORE_CTX_init() initializes the internal state and resources of the
-X509_STORE_CTX, and must be called before each call to L or
+given I. Among others, it sets the verification parameters associcated
+with the method name C, which includes the C purpose,
+and takes over callback function pointers from I (unless NULL).
+It must be called before each call to L or
 L, i.e., a context is only good for one verification. If you want to verify a further certificate or chain with the same I then you must call X509_STORE_CTX_init() again.
@@ -176,12 +179,13 @@ by I to be I. Ownership of the chain is transferred to I, and so it should not be free'd by the caller.
-X509_STORE_CTX_set_default() looks up and sets the default verification
-method to I. This uses the function X509_VERIFY_PARAM_lookup() to
-find an appropriate set of parameters from the purpose identifier I.
-Currently defined purposes are C, C, C,
-C, C, C, C, C,
-and C.
+X509_STORE_CTX_set_default() looks up and sets the default verification method.
+This uses the function X509_VERIFY_PARAM_lookup() to find
+the set of parameters associated with the given verification method I.
+Among others, the parameters determine the trust model and verification purpose.
+More detail, including the list of currently predefined methods,
+is described for the B<-verify_name> command-line option
+in L.
 X509_STORE_CTX_set_verify() provides the capability for overriding the default verify function. This function is responsible for verifying chain signatures and
@@ -315,7 +319,7 @@ There is no need to call X509_STORE_CTX_cleanup() explicitly since OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_STORE_get0_param.pod b/doc/man3/X509_STORE_get0_param.pod
index d9dfb1b656..95a1725bc3 100644
--- a/doc/man3/X509_STORE_get0_param.pod
+++ b/doc/man3/X509_STORE_get0_param.pod
@@ -65,7 +65,7 @@ B was added in OpenSSL 3.3.
 =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_STORE_new.pod b/doc/man3/X509_STORE_new.pod
index 59b5160f39..9162080e0c 100644
--- a/doc/man3/X509_STORE_new.pod
+++ b/doc/man3/X509_STORE_new.pod
@@ -27,6 +27,7 @@ X509_STORE_lock() locks the store from modification by other threads, X509_STORE_unlock() unlocks it. X509_STORE_free() frees up a single X509_STORE object.
+If the argument is NULL, nothing is done.
 =head1 RETURN VALUES
@@ -49,7 +50,7 @@ functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_add_cert.pod b/doc/man3/X509_add_cert.pod
index a4f3ea5032..f59b93ba54 100644
--- a/doc/man3/X509_add_cert.pod
+++ b/doc/man3/X509_add_cert.pod
@@ -16,6 +16,7 @@ X509 certificate list addition functions
 =head1 DESCRIPTION
 X509_add_cert() adds a certificate I to the given list I.
+It is an error for the I argument to be NULL.
 X509_add_certs() adds a list of certificate I to the given list I. The I argument may be NULL, which implies no effect.
@@ -66,7 +67,7 @@ were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
index c6206e1759..029958d987 100644
--- a/doc/man3/X509_dup.pod
+++ b/doc/man3/X509_dup.pod
@@ -370,7 +370,7 @@ followed by I, which re-builds the cached data. B_free>() releases the object and all pointers and sub-objects
-within it.
+within it. If the argument is NULL, nothing is done.
 B_print_ctx>() prints the object I on the specified BIO I. Each line will be prefixed with I spaces.
@@ -399,7 +399,7 @@ deprecated in 3.0.
 =head1 COPYRIGHT
-Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_load_http.pod b/doc/man3/X509_load_http.pod
index a147c43caa..e17330b055 100644
--- a/doc/man3/X509_load_http.pod
+++ b/doc/man3/X509_load_http.pod
@@ -27,6 +27,9 @@ see L: X509_load_http() and X509_CRL_load_http() loads a certificate or a CRL, respectively, in ASN.1 format using HTTP from the given B.
+Maximum size of the HTTP response is 100 kB for certificates and 32 MB for CRLs
+and hard coded in the functions.
+
 If B is given and B is NULL then this BIO is used instead of an internal one for connecting, writing the request, and reading the response. If both B and B are given (which may be memory BIOs, for instance)
diff --git a/doc/man3/X509_new.pod b/doc/man3/X509_new.pod
index dcebb55fe6..264767e834 100644
--- a/doc/man3/X509_new.pod
+++ b/doc/man3/X509_new.pod
@@ -21,7 +21,7 @@ OSSL_STACK_OF_X509_free
 =head1 DESCRIPTION
-The X509 ASN1 allocation routines, allocate and free an
+The X509 ASN1 allocation routines allocate and free an
 X509 structure, which represents an X509 certificate. X509_new_ex() allocates and initializes a X509 structure with a
@@ -36,7 +36,8 @@ and property query to NULL. This results in the default (NULL) library context being used for any X509 operations requiring algorithm fetches. X509_free() decrements the reference count of B structure B and
-frees it up if the reference count is zero. If B is NULL nothing is done.
+frees it up if the reference count is zero. If the argument is NULL,
+nothing is done.
 X509_up_ref() increments the reference count of B.
@@ -45,6 +46,7 @@ chain B and returns a copy of the stack, or an empty stack if B is NULL. OSSL_STACK_OF_X509_free() deallocates the given list of pointers to certificates after calling X509_free() on all its elements.
+If the argument is NULL, nothing is done.
 =head1 NOTES
@@ -96,7 +98,7 @@ OSSL_STACK_OF_X509_free() was added in OpenSSL 3.2.
 =head1 COPYRIGHT
-Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index 00efb60358..c4b589dd89 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -387,7 +387,9 @@ B>() attempts to decode I bytes at I<*ppin>. If successful a pointer to the B> structure is returned and I<*ppin> is incremented to the byte following the parsed data. If I is not NULL then a pointer to the returned structure is also written to I<*a>. If an error occurred
-then NULL is returned.
+then NULL is returned. The caller retains ownership of the
+returned object and needs to free it when it is no longer needed, e.g.
+using X509_free() for X509 objects or DSA_SIG_free() for DSA_SIG objects.
 On a successful return, if I<*a> is not NULL then it is assumed that I<*a> contains a valid B> structure and an attempt is made to reuse it.
@@ -615,7 +617,7 @@ efficiency reasons.
 =head1 COPYRIGHT
-Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 8b3bf20cee..4e095c0eac 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -275,7 +275,7 @@ value will result in an error. If enabled, informs the library to clear the error stack on failure to activate requested provider. A value of 1, yes, true or on (in lower or uppercase) will
-activate this setting, while a value of 0, no, false, of off (again in lower or
+activate this setting, while a value of 0, no, false, or off (again in lower or
 uppercase) will disable this setting. Any other value will produce an error. Note this setting defaults to off if not provided
@@ -586,7 +586,7 @@ L.
 =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man7/EVP_KDF-ARGON2.pod b/doc/man7/EVP_KDF-ARGON2.pod
index d41a3179b5..0f80638d08 100644
--- a/doc/man7/EVP_KDF-ARGON2.pod
+++ b/doc/man7/EVP_KDF-ARGON2.pod
@@ -44,6 +44,8 @@ The supported parameters are:
 =item "size" (B)
+=item "properties" (B)
+
 These parameters work as described in L.
 Note that RFC 9106 recommends 128 bits salt for most applications, or 64 bits
@@ -182,7 +184,7 @@ This functionality was added to OpenSSL 3.2.
 =head1 COPYRIGHT
-Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man7/EVP_KDF-HKDF.pod b/doc/man7/EVP_KDF-HKDF.pod
index 5fc0a73241..b563efa5f5 100644
--- a/doc/man7/EVP_KDF-HKDF.pod
+++ b/doc/man7/EVP_KDF-HKDF.pod
@@ -15,6 +15,8 @@ and "extracts" from it a fixed-length pseudorandom key K. The second stage "expands" the key K into several additional pseudorandom keys (the output of the KDF).
+The output is considered to be keying material.
+
 =head2 Identity
 "HKDF" is the name for this implementation; it
diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod
index 1b9342f691..5d6bc48152 100644
--- a/doc/man7/EVP_KDF-KB.pod
+++ b/doc/man7/EVP_KDF-KB.pod
@@ -10,6 +10,8 @@ The EVP_KDF-KB algorithm implements the Key-Based key derivation function (KBKDF). KBKDF derives a key from repeated application of a keyed MAC to an input secret (and other optional values).
+The output is considered to be keying material.
+
 =head2 Identity
 "KBKDF" is the name for this implementation; it can be used with the
diff --git a/doc/man7/EVP_KDF-PBKDF2.pod b/doc/man7/EVP_KDF-PBKDF2.pod
index 9e9195bf40..d834d9f2e0 100644
--- a/doc/man7/EVP_KDF-PBKDF2.pod
+++ b/doc/man7/EVP_KDF-PBKDF2.pod
@@ -13,6 +13,8 @@ The EVP_KDF-PBKDF2 algorithm implements the PBKDF2 password-based key derivation function, as described in SP800-132; it derives a key from a password using a salt and iteration count.
+The output is considered to be a cryptographic key.
+
 =head2 Identity
 "PBKDF2" is the name for this implementation; it
diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod
index c8d19691a7..6640703eef 100644
--- a/doc/man7/EVP_KDF-SS.pod
+++ b/doc/man7/EVP_KDF-SS.pod
@@ -11,6 +11,8 @@ SSKDF derives a key using input such as a shared secret key (that was generated during the execution of a key establishment scheme) and fixedinfo. SSKDF is also informally referred to as 'Concat KDF'.
+The output is considered to be keying material.
+
 =head2 Auxiliary function
 The implementation uses a selectable auxiliary function H, which can be one of:
diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod
index c7a3263f45..a5b1539475 100644
--- a/doc/man7/EVP_KDF-SSHKDF.pod
+++ b/doc/man7/EVP_KDF-SSHKDF.pod
@@ -15,6 +15,8 @@ Five inputs are required to perform key derivation: The hashing function (for example SHA256), the Initial Key, the Exchange Hash, the Session ID, and the derivation key type.
+The output is considered to be keying material.
+
 =head2 Identity
 "SSHKDF" is the name for this implementation; it
diff --git a/doc/man7/EVP_KDF-TLS13_KDF.pod b/doc/man7/EVP_KDF-TLS13_KDF.pod
index d588b121fa..7fad55ca61 100644
--- a/doc/man7/EVP_KDF-TLS13_KDF.pod
+++ b/doc/man7/EVP_KDF-TLS13_KDF.pod
@@ -12,6 +12,8 @@ the B API. The EVP_KDF-TLS13_KDF algorithm implements the HKDF key derivation function as used by TLS 1.3.
+The output is considered to be keying material.
+
 =head2 Identity
 "TLS13-KDF" is the name for this implementation; it
diff --git a/doc/man7/EVP_KDF-TLS1_PRF.pod b/doc/man7/EVP_KDF-TLS1_PRF.pod
index 8a60e97315..90b357e70f 100644
--- a/doc/man7/EVP_KDF-TLS1_PRF.pod
+++ b/doc/man7/EVP_KDF-TLS1_PRF.pod
@@ -11,6 +11,8 @@ Support for computing the B PRF through the B API. The EVP_KDF-TLS1_PRF algorithm implements the PRF used by TLS versions up to and including TLS 1.2.
+The output is considered to be keying material.
+
 =head2 Identity
 "TLS1-PRF" is the name for this implementation; it
diff --git a/doc/man7/EVP_KDF-X942-ASN1.pod b/doc/man7/EVP_KDF-X942-ASN1.pod
index b13610dc03..97b7111bae 100644
--- a/doc/man7/EVP_KDF-X942-ASN1.pod
+++ b/doc/man7/EVP_KDF-X942-ASN1.pod
@@ -13,6 +13,8 @@ contains a 32 bit counter as well as optional fields for "partyu-info", "partyv-info", "supp-pubinfo" and "supp-privinfo". This kdf is used by Cryptographic Message Syntax (CMS).
+The output is considered to be keying material.
+
 =head2 Identity
 "X942KDF-ASN1" or "X942KDF" is the name for this implementation; it
diff --git a/doc/man7/EVP_KDF-X963.pod b/doc/man7/EVP_KDF-X963.pod
index 3d6f4372cf..ca2f7c1df0 100644
--- a/doc/man7/EVP_KDF-X963.pod
+++ b/doc/man7/EVP_KDF-X963.pod
@@ -10,6 +10,8 @@ The EVP_KDF-X963 algorithm implements the key derivation function (X963KDF). X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to derive a key using input such as a shared secret key and shared info.
+The output is considered to be keying material.
+
 =head2 Identity
 "X963KDF" is the name for this implementation; it
diff --git a/doc/man7/EVP_KEYEXCH-DH.pod b/doc/man7/EVP_KEYEXCH-DH.pod
index a6927afefb..eaec67775d 100644
--- a/doc/man7/EVP_KEYEXCH-DH.pod
+++ b/doc/man7/EVP_KEYEXCH-DH.pod
@@ -7,9 +7,14 @@ EVP_KEYEXCH-DH
 =head1 DESCRIPTION
-Key exchange support for the B key type.
+Key exchange support for the B and B key types.
-=head2 DH key exchange parameters
+Please note that although both key types support the same key exchange
+operations, they cannot be used together in a single key exchange. It
+is not possible to use a private key of the B type in key exchange
+with the public key of B type and vice versa.
+
+=head2 DH and DHX key exchange parameters
 =over 4
@@ -122,7 +127,7 @@ L,
 =head1 COPYRIGHT
-Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man7/EVP_KEYEXCH-ECDH.pod b/doc/man7/EVP_KEYEXCH-ECDH.pod
index 3d630d91bf..8d7b786cfe 100644
--- a/doc/man7/EVP_KEYEXCH-ECDH.pod
+++ b/doc/man7/EVP_KEYEXCH-ECDH.pod
@@ -55,6 +55,8 @@ See L.
 =head1 EXAMPLES
+Examples of key agreement can be found in demos/keyexch.
+
 Keys for the host and peer must be generated as shown in L using the same curve name.
@@ -107,7 +109,7 @@ L,
 =head1 COPYRIGHT
-Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod
index 1662b152ed..1232730c33 100644
--- a/doc/man7/EVP_PKEY-DH.pod
+++ b/doc/man7/EVP_PKEY-DH.pod
@@ -7,11 +7,12 @@ EVP_PKEY-DH, EVP_PKEY-DHX, EVP_KEYMGMT-DH, EVP_KEYMGMT-DHX
 =head1 DESCRIPTION
-For B FFC key agreement, two classes of domain parameters can be used:
-"safe" domain parameters that are associated with approved named safe-prime
-groups, and a class of "FIPS186-type" domain parameters. FIPS186-type domain
-parameters should only be used for backward compatibility with existing
-applications that cannot be upgraded to use the approved safe-prime groups.
+For finite field Diffie-Hellman key agreement, two classes of domain
+parameters can be used: "safe" domain parameters that are associated with
+approved named safe-prime groups, and a class of "FIPS186-type" domain
+parameters. FIPS186-type domain parameters should only be used for backward
+compatibility with existing applications that cannot be upgraded to use the
+approved safe-prime groups.
 See L for more information about FFC keys.
@@ -20,11 +21,11 @@ I value. The B key type uses X9.42 format which saves the value of I and this must be used for FIPS186-4. If key validation is required, users should be aware of the nuances associated with FIPS186-4 style parameters as discussed in -L. +L. =head2 DH and DHX domain parameters -In addition to the common FCC parameters that all FFC keytypes should support +In addition to the common FFC parameters that all FFC keytypes should support (see L) the B and B keytype implementations support the following: @@ -129,43 +130,44 @@ Where s is the security strength of the key which has values of =back -=head2 DH key validation +=head2 DH and DHX key validation -For B that is not a named group the FIPS186-4 standard specifies that the +For keys that are not a named group the FIPS186-4 standard specifies that the values used for FFC parameter generation are also required for parameter validation. This means that optional FFC domain parameter values for I, I and I or I may need to be stored for validation purposes. For B the I and I can be stored in ASN1 data (but the I or I cannot be stored). It is recommended to use a -named safe prime group instead. +B parameters with named safe prime group instead. + +With the OpenSSL FIPS provider, L and +L behave in the following way: the parameters +are tested if they are either an approved safe prime group OR that the FFC +parameters conform to FIPS186-4 as defined in SP800-56Ar3 I. -For DH keys, L behaves in the following way: -The OpenSSL FIPS provider tests if the parameters are either an approved safe -prime group OR that the FFC parameters conform to FIPS186-4 as defined in -SP800-56Ar3 I. The OpenSSL default provider uses simpler checks that allows there to be no I -value for backwards compatibility. +value for backwards compatibility, however the L will +test the I

value for being a prime (and a safe prime if I is missing) +which can take significant time. The L avoids +the prime tests. -For DH keys, L is equivalent to -L. +L conforms to SP800-56Ar3 +I. -For DH keys, L conforms to -SP800-56Ar3 I. +L conforms to SP800-56Ar3 +I when the key is an approved named safe +prime group, otherwise it is the same as L. -For DH keys, L conforms to -SP800-56Ar3 I when the -DH key is an approved named safe prime group, otherwise it is the same as -L. - -For DH Keys, L tests that the private key is in the -correct range according to SP800-56Ar3. The OpenSSL FIPS provider requires the -value of I to be set (note that this is set for named safe prime groups). +L tests that the private key is in the correct range +according to SP800-56Ar3. The OpenSSL FIPS provider requires the value of I +to be set (note that this is implicitly set for named safe prime groups). For backwards compatibility the OpenSSL default provider only requires I

to be set. -For DH keys, L conforms to -SP800-56Ar3 I. +L conforms to SP800-56Ar3 +I. =head1 EXAMPLES @@ -327,7 +329,7 @@ L =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_PKEY-RSA.pod b/doc/man7/EVP_PKEY-RSA.pod index 96562b6be0..9c4a615b84 100644 --- a/doc/man7/EVP_PKEY-RSA.pod +++ b/doc/man7/EVP_PKEY-RSA.pod @@ -273,7 +273,7 @@ L, L, L, L =head1 COPYRIGHT -Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_PKEY-SM2.pod b/doc/man7/EVP_PKEY-SM2.pod index 8bdc506cec..28a0e995d5 100644 --- a/doc/man7/EVP_PKEY-SM2.pod +++ b/doc/man7/EVP_PKEY-SM2.pod @@ -38,6 +38,9 @@ Getter that returns the default digest name. B signatures can be generated by using the 'DigestSign' series of APIs, for instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). Ditto for the verification process by calling the 'DigestVerify' series of APIs. +Note that the SM2 algorithm requires the presence of the public key for signatures, +as such the B option must be set on any key used in signature +generation. Before computing an B signature, an B needs to be created, and an B ID must be set for it, like this: @@ -84,7 +87,7 @@ L =head1 COPYRIGHT -Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man7/EVP_SIGNATURE-DSA.pod b/doc/man7/EVP_SIGNATURE-DSA.pod index 290041a2dd..9756fa1ff2 100644 --- a/doc/man7/EVP_SIGNATURE-DSA.pod +++ b/doc/man7/EVP_SIGNATURE-DSA.pod @@ -7,7 +7,9 @@ EVP_SIGNATURE-DSA =head1 DESCRIPTION -Support for computing DSA signatures. +Support for computing DSA signatures. The signature produced with +L is DER encoded ASN.1 in the form described in +RFC 3279, section 2.2.2. See L for information related to DSA keys. =head2 Signature Parameters diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 15bc06a710..c1dd603643 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -507,7 +507,7 @@ This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/OSSL_PROVIDER-base.pod b/doc/man7/OSSL_PROVIDER-base.pod index 24d610f28c..93a9029fd6 100644 --- a/doc/man7/OSSL_PROVIDER-base.pod +++ b/doc/man7/OSSL_PROVIDER-base.pod @@ -140,7 +140,7 @@ combination with the FIPS provider. =item file -=item org.openssl.winstore +=item org.openssl.winstore, see L =back @@ -158,7 +158,7 @@ This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/OSSL_PROVIDER-default.pod b/doc/man7/OSSL_PROVIDER-default.pod index feba00aa76..edfd80d354 100644 --- a/doc/man7/OSSL_PROVIDER-default.pod +++ b/doc/man7/OSSL_PROVIDER-default.pod 
@@ -358,7 +358,7 @@ combination with the FIPS provider. =item file -=item org.openssl.winstore +=item org.openssl.winstore, see L =back @@ -378,7 +378,7 @@ All other functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/OSSL_STORE-winstore.pod b/doc/man7/OSSL_STORE-winstore.pod new file mode 100644 index 0000000000..f25a27e201 --- /dev/null +++ b/doc/man7/OSSL_STORE-winstore.pod 
@@ -0,0 +1,86 @@ +=pod + +=head1 NAME + +OSSL_STORE-winstore - OpenSSL built in OSSL_STORE for Windows + +=head1 DESCRIPTION + +The OSSL_STORE implementation for Windows provides access to Windows' system +C certificate store through URIs, using the URI scheme +C. + +=head2 Supported URIs + +There is only one supported URI: + + org.openssl.winstore: + +No authority (host, etc), no path, no query, no fragment. + +=head2 Supported OSSL_STORE_SEARCH operations + +=over 4 + +=item L + +As a matter of fact, this must be used. It is not possible to enumerate all +available certificates in the store. + +=back + +=head2 Windows certificate store features + +Apart from diverse constraints present in the certificates themselves, the +Windows certificate store also has the ability to associate additional +constraining properties alongside a certificate in the store. This includes +both documented and undocumented capabilities: + +=over 4 + +=item * + +The documented capability to override EKU + +=item * + +The undocumented capability to add name constraints + +=item * + +The undocumented capability to override the certificate expiry date + +=back + +I. + +However, once extracted with L, certificates that have +constraints in their X.509 extensions will go through the usual constraint +checks when used by OpenSSL, and are thereby honoured. + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +The winstore (C) implementation was added in OpenSSL +3.2.0. + +=head1 NOTES + +OpenSSL uses L implementations under the hood. +To influence what L implementations are used, it's advisable +to use L and set the I argument. + +=head1 COPYRIGHT + +Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut 
diff --git a/doc/man7/fips_module.pod b/doc/man7/fips_module.pod index 249588598b..2ec9803779 100644 --- a/doc/man7/fips_module.pod +++ b/doc/man7/fips_module.pod @@ -212,7 +212,7 @@ application. If any OpenSSL functions get called that require the use of cryptographic functions before this occurs then, if no provider has yet been loaded, then the default provider will be automatically loaded. If you then later explicitly load the FIPS provider then you will have both the FIPS and the -default provider loaded at the same time. It is undefined which implementation +default provider loaded at the same time. It is unspecified which implementation of an algorithm will be used if multiple implementations are available and you have not explicitly specified via a property query (see below) which one should be used. @@ -244,7 +244,7 @@ standards you can specify the property query C like this: sha256 = EVP_MD_fetch(NULL, "SHA2-256", "fips=yes"); If no property query is specified, or more than one implementation matches the -property query then it is undefined which implementation of a particular +property query then it is unspecified which implementation of a particular algorithm will be returned. This example shows an explicit request for an implementation of SHA256 from the diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod index 53f1569897..df332aa3b1 100644 --- a/doc/man7/openssl-env.pod +++ b/doc/man7/openssl-env.pod 
@@ -51,6 +51,99 @@ See L. Specifies the directory from which cryptographic providers are loaded. Equivalently, the generic B<-provider-path> command-line option may be used. +=item B + +By default the OpenSSL trace feature is disabled statically. +To enable it, OpenSSL must be built with tracing support, +which may be configured like this: C<./config enable-trace> + +Unless OpenSSL tracing support is generally disabled, +enable trace output of specific parts of OpenSSL libraries, by name. +This output usually makes sense only if you know OpenSSL internals well. + +The value of this environment varialble is a comma-separated list of names, +with the following available: + +=over 4 + +=item B + +Traces the OpenSSL trace API itself. + +=item B + +Traces OpenSSL library initialization and cleanup. + +=item B + +Traces the TLS/SSL protocol. + +=item B + +Traces the ciphers used by the TLS/SSL protocol. + +=item B + +Show details about provider and engine configuration. + +=item B + +The function that is used by RSA, DSA (etc) code to select registered +ENGINEs, cache defaults and functional references (etc), will generate +debugging summaries. + +=item B + +Reference counts in the ENGINE structure will be monitored with a line +of generated for each change. + +=item B + +Traces PKCS#5 v2 key generation. + +=item B + +Traces PKCS#12 key generation. + +=item B + +Traces PKCS#12 decryption. + +=item B + +Generates the complete policy tree at various points during X.509 v3 +policy evaluation. + +=item B + +Traces BIGNUM context operations. + +=item B + +Traces CMP client and server activity. + +=item B + +Traces STORE operations. + +=item B + +Traces decoder operations. + +=item B + +Traces encoder operations. + +=item B + +Traces decrementing certain ASN.1 structure references. + +=item B + +Traces the HTTP client and server, such as messages being sent and received. + +=back + =item B If set, then L returns UTF-8 encoded strings, rather than 
@@ -99,7 +192,7 @@ Used to set a QUIC qlog filter specification. See L. =head1 COPYRIGHT -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/ossl-guide-libcrypto-introduction.pod b/doc/man7/ossl-guide-libcrypto-introduction.pod index 33451b4873..e6d4807284 100644 --- a/doc/man7/ossl-guide-libcrypto-introduction.pod +++ b/doc/man7/ossl-guide-libcrypto-introduction.pod @@ -392,7 +392,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/ossl-guide-migration.pod b/doc/man7/ossl-guide-migration.pod index 569c00e2fb..64d99a1110 100644 --- a/doc/man7/ossl-guide-migration.pod +++ b/doc/man7/ossl-guide-migration.pod @@ -1327,7 +1327,7 @@ d2i_DSAPrivateKey_bio(), d2i_DSAPrivateKey_fp(), d2i_DSA_PUBKEY(), d2i_DSA_PUBKEY_bio(), d2i_DSA_PUBKEY_fp(), d2i_DSAPublicKey(), d2i_ECParameters(), d2i_ECPrivateKey(), d2i_ECPrivateKey_bio(), d2i_ECPrivateKey_fp(), d2i_EC_PUBKEY(), d2i_EC_PUBKEY_bio(), -d2i_EC_PUBKEY_fp(), o2i_ECPublicKey(), d2i_RSAPrivateKey(), +d2i_EC_PUBKEY_fp(), d2i_RSAPrivateKey(), d2i_RSAPrivateKey_bio(), d2i_RSAPrivateKey_fp(), d2i_RSA_PUBKEY(), d2i_RSA_PUBKEY_bio(), d2i_RSA_PUBKEY_fp(), d2i_RSAPublicKey(), d2i_RSAPublicKey_bio(), d2i_RSAPublicKey_fp() @@ -1336,6 +1336,13 @@ See L =item * +o2i_ECPublicKey() + +Use L. +See L + +=item * + DES_crypt(), DES_fcrypt(), DES_encrypt1(), DES_encrypt2(), DES_encrypt3(), DES_decrypt3(), DES_ede3_cbc_encrypt(), DES_ede3_cfb64_encrypt(), DES_ede3_cfb_encrypt(),DES_ede3_ofb64_encrypt(), 
@@ -1886,13 +1893,20 @@ and L i2d_ECParameters(), i2d_ECPrivateKey(), i2d_ECPrivateKey_bio(), i2d_ECPrivateKey_fp(), i2d_EC_PUBKEY(), i2d_EC_PUBKEY_bio(), -i2d_EC_PUBKEY_fp(), i2o_ECPublicKey() +i2d_EC_PUBKEY_fp() See L and L =item * +i2o_ECPublicKey() + +Use L. +See L + +=item * + i2d_RSAPrivateKey(), i2d_RSAPrivateKey_bio(), i2d_RSAPrivateKey_fp(), i2d_RSA_PUBKEY(), i2d_RSA_PUBKEY_bio(), i2d_RSA_PUBKEY_fp(), i2d_RSAPublicKey(), i2d_RSAPublicKey_bio(), i2d_RSAPublicKey_fp() @@ -2491,7 +2505,7 @@ The migration guide was created for OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/ossl_store.pod b/doc/man7/ossl_store.pod index a2c6260061..d6fdae8f22 100644 --- a/doc/man7/ossl_store.pod +++ b/doc/man7/ossl_store.pod @@ -44,7 +44,11 @@ other encoding is undefined. =head2 A generic call - OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem"); + #include /* for UI_get_default_method */ + #include + + OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem", + UI_get_default_method(), NULL, NULL, NULL); /* * OSSL_STORE_eof() simulates file semantics for any repository to signal @@ -65,6 +69,7 @@ other encoding is undefined. PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info)); break; } + OSSL_STORE_INFO_free(info); } OSSL_STORE_close(ctx); @@ -77,7 +82,7 @@ L =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-asym_cipher.pod b/doc/man7/provider-asym_cipher.pod index e3f11d8543..78b7099108 100644 
--- a/doc/man7/provider-asym_cipher.pod +++ b/doc/man7/provider-asym_cipher.pod @@ -234,14 +234,14 @@ The TLS protocol version first requested by the client. The negotiated TLS protocol version. -=item "implicit-rejection" (B) +=item "implicit-rejection" (B) -Gets of sets the use of the implicit rejection mechanism for RSA PKCS#1 v1.5 +Gets or sets the use of the implicit rejection mechanism for RSA PKCS#1 v1.5 decryption. When set (non zero value), the decryption API will return a deterministically random value if the PKCS#1 v1.5 padding check fails. This makes exploitation of the Bleichenbacher significantly harder, even if the code using the RSA decryption API is not implemented in side-channel -free manner. Set by default. +free manner. Set by default in OpenSSL providers. =back @@ -267,7 +267,7 @@ The provider ASYM_CIPHER interface was introduced in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 5dcbbed221..a27d948b08 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -581,6 +581,11 @@ The name of the group as known by the provider. This could be the same as the The TLS group id value as given in the IANA TLS Supported Groups registry. +It is possible to register the same group id from within different +providers. Users should note that if no property query is specified, or +more than one implementation matches the property query then it is +unspecified which implementation for a particular group id will be used. + =item "tls-group-alg" (B) The name of a Key Management algorithm that the provider offers and that should 
@@ -667,6 +672,11 @@ This value must be supplied. The TLS algorithm ID value as given in the IANA TLS SignatureScheme registry. This value must be supplied. +It is possible to register the same code point from within different +providers. Users should note that if no property query is specified, or +more than one implementation matches the property query then it is +unspecified which implementation for a particular code point will be used. + =item "sigalg-name" (B) A name for the full (possibly composite hash-and-signature) signature diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index cbbf8c8547..023a6c883e 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -468,7 +468,7 @@ were added with OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod index 38d3320d18..b5b8f54ab8 100644 --- a/doc/man7/provider-signature.pod +++ b/doc/man7/provider-signature.pod @@ -375,6 +375,8 @@ Section 4 "Security Considerations". The default value for nonce B as defined in FIPS 186-4 Section 6.3 "Secret Number Generation". +The FIPS provider does not support deterministic digital signature generation. + =item "kat" (B) Sets a flag to modify the sign operation to return an error if the initial @@ -441,7 +443,7 @@ The provider SIGNATURE interface was introduced in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man7/provider.pod b/doc/man7/provider.pod index a061fc4709..0754a0912b 100644 --- a/doc/man7/provider.pod +++ b/doc/man7/provider.pod @@ -227,6 +227,27 @@ MODE is only present where applicable. Other aliases may exist for example where standards bodies or common practice use alternative names or names that OpenSSL has used historically. +=head3 Provider dependencies + +Providers may depend for their proper operation on the availability of +(functionality implemented in) other providers. As there is no mechanism to +express such dependencies towards the OpenSSL core, provider authors must +take care that such dependencies are either completely avoided or made visible +to users, e.g., by documentation and/or defensive programming, e.g., +outputting error messages if required external dependencies are not available, +e.g., when no provider implementing the required functionality has been +activated. In particular, provider initialization should not depend on other +providers already having been initialized. + +=head3 Note on naming clashes + +It is possible to register the same algorithm name from within different +providers. Users should note that if no property query is specified, or +more than one implementation matches the property query then it is +unspecified which implementation of a particular algorithm will be returned. +Such naming clashes may also occur if algorithms only differ in +capitalization as L is case insensitive. + =head1 OPENSSL PROVIDERS OpenSSL provides a number of its own providers. These are the default, base, diff --git a/engines/e_afalg.c b/engines/e_afalg.c index 06f9b11633..e31555ea08 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -165,7 +165,7 @@ static ossl_inline int io_getevents(aio_context_t ctx, long min, long max, ts32.tv_sec = (__kernel_long_t) timeout->tv_sec; ts32.tv_nsec = (__kernel_long_t) timeout->tv_nsec; - return syscall(__NR_io_getevents, ctx, min, max, events, ts32); + return syscall(__NR_io_getevents, ctx, min, max, events, &ts32); } else { return syscall(__NR_io_getevents, ctx, min, max, events, NULL); } diff --git a/engines/e_dasync.c b/engines/e_dasync.c index 4d92fef704..5f809e8321 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c index 84dff6e2c3..154f36cbdd 100644 --- a/engines/e_loader_attic.c +++ b/engines/e_loader_attic.c @@ -983,7 +983,7 @@ static OSSL_STORE_LOADER_CTX *file_open_ex #ifdef _WIN32 /* Windows "file:" URIs with a drive letter start with a '/' */ if (p[0] == '/' && p[2] == ':' && p[3] == '/') { - char c = tolower(p[1]); + char c = tolower((unsigned char)p[1]); if (c >= 'a' && c <= 'z') { p++; diff --git a/exporters/build.info b/exporters/build.info index 86acf2df94..9241dc9b0a 100644 --- a/exporters/build.info +++ b/exporters/build.info 
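Review bot: The corrected call now passes `&ts32` as the kernel expects, but nothing records why the previous by-value form was wrong, so the same slip can be reintroduced by a later edit of this varargs `syscall()` wrapper. I would add, above the return, `/* io_getevents(2) takes a pointer to the timespec; passing the struct by value through syscall()'s varargs was undefined behaviour. */`. Whether `ts32` is the 32-bit kernel timespec layout is not visible in the hunk, so a one-line comment on that conversion would help too. The enclosing `io_getevents()` wrapper starts outside the hunk.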
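Review bot: The unsigned-char cast is the right fix for `tolower()`, but the condition on the line above reads `p[2]` and `p[3]` before anything guarantees `p[1]` is not the terminator, so a remainder that is just `/` reads past the end of the string. Adding the check closes that: `if (p[0] == '/' && p[1] != '\0' && p[2] == ':' && p[3] == '/') {`. Whether callers can actually deliver such a short `p` here is not visible in the hunk; `file_open_ex()` starts outside it.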
@@ -19,7 +19,7 @@ DEPEND[openssl.pc]=libcrypto.pc libssl.pc DEPEND[""]=openssl.pc GENERATE[../installdata.pm]=../util/mkinstallvars.pl \ - "PREFIX=$(INSTALLTOP)" BINDIR=bin "LIBDIR=$(LIBDIR)" \ + "PREFIX=$(INSTALLTOP)" BINDIR=bin "LIBDIR=$(LIBDIR)" "libdir=$(libdir)" \ INCLUDEDIR=include APPLINKDIR=include/openssl \ "ENGINESDIR=$(ENGINESDIR)" "MODULESDIR=$(MODULESDIR)" \ "PKGCONFIGDIR=$(PKGCONFIGDIR)" "CMAKECONFIGDIR=$(CMAKECONFIGDIR)" \ diff --git a/exporters/cmake/OpenSSLConfig.cmake.in b/exporters/cmake/OpenSSLConfig.cmake.in index 2d2321931d..766aebe3d4 100644 --- a/exporters/cmake/OpenSSLConfig.cmake.in +++ b/exporters/cmake/OpenSSLConfig.cmake.in @@ -89,12 +89,15 @@ unset(_ossl_undefined_targets) # Set up the import path, so all other import paths are made relative this file get_filename_component(_ossl_prefix "${CMAKE_CURRENT_LIST_FILE}" PATH) {- - # For each component in $OpenSSL::safe::installdata::CMAKECONFIGDIR_REL, have CMake - # out the parent directory. - my $d = unixify($OpenSSL::safe::installdata::CMAKECONFIGDIR_REL); + # For each component in $OpenSSL::safe::installdata::CMAKECONFIGDIR[0] relative to + # $OpenSSL::safe::installdata::PREFIX[0], have CMake figure out the parent directory. + my $d = join('/', unixify(catdir($OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0], + $OpenSSL::safe::installdata::CMAKECONFIGDIR_REL_LIBDIR[0]), 1)); $OUT = ''; - $OUT .= 'get_filename_component(_ossl_prefix "${_ossl_prefix}" PATH)' . "\n" - foreach (split '/', $d); + if ($d ne '.') { + $OUT .= 'get_filename_component(_ossl_prefix "${_ossl_prefix}" PATH)' . "\n" + foreach (split '/', $d); + } -} if(_ossl_prefix STREQUAL "/") set(_ossl_prefix "") 
@@ -126,13 +129,15 @@ set(OPENSSL_VERSION_FIX "${OpenSSL_VERSION_PATCH}") set(OPENSSL_FOUND YES) # Directories and names -set(OPENSSL_INCLUDE_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::INCLUDEDIR_REL, 1); -}") -set(OPENSSL_LIBRARY_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::LIBDIR_REL, 1); -}") -set(OPENSSL_ENGINES_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::ENGINESDIR_REL, 1); -}") -set(OPENSSL_MODULES_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::MODULESDIR_REL, 1); -}") -set(OPENSSL_RUNTIME_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::BINDIR_REL, 1); -}") +set(OPENSSL_LIBRARY_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0], 1); -}") +set(OPENSSL_INCLUDE_DIR{- $OUT = ''; + $OUT .= ' "${_ossl_prefix}/' . $_ . '"' + foreach (@OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX); -}) +set(OPENSSL_ENGINES_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0], 1); -}/{- unixify($OpenSSL::safe::installdata::ENGINESDIR_REL_LIBDIR[0], 1); -}") +set(OPENSSL_MODULES_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0], 1); -}/{- unixify($OpenSSL::safe::installdata::MODULESDIR_REL_LIBDIR[0], 1); -}") +set(OPENSSL_RUNTIME_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::BINDIR_REL_PREFIX[0], 1); -}") {- output_off() if $disabled{uplink}; "" -} -set(OPENSSL_APPLINK_SOURCE "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::APPLINKDIR_REL, 1); -}/applink.c") +set(OPENSSL_APPLINK_SOURCE "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::APPLINKDIR_REL_PREFIX[0], 1); -}/applink.c") {- output_on() if $disabled{uplink}; "" -} set(OPENSSL_PROGRAM "${OPENSSL_RUNTIME_DIR}/{- platform->bin('openssl') -}") diff --git a/exporters/pkg-config/libcrypto.pc.in b/exporters/pkg-config/libcrypto.pc.in index 14ed339f3c..3d56e97418 100644 --- a/exporters/pkg-config/libcrypto.pc.in 
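Review bot: The new `OPENSSL_INCLUDE_DIR` loop emits each `INCLUDEDIR_REL_PREFIX` entry as raw `$_`, whereas every other directory on the surrounding lines goes through `unixify(..., 1)`, so on a platform where installdata carries native separators the include path would be the one variable left with backslashes. Use `$OUT .= ' "${_ossl_prefix}/' . unixify($_, 1) . '"'` in the loop. Emitting several quoted values also turns `OPENSSL_INCLUDE_DIR` into a CMake list, which differs from the single-path value consumers of FindOpenSSL usually expect; if that is intentional it deserves a comment in the template.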
+++ b/exporters/pkg-config/libcrypto.pc.in @@ -1,11 +1,27 @@ -libdir={- $OpenSSL::safe::installdata::LIBDIR -} -includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -} -enginesdir={- $OpenSSL::safe::installdata::ENGINESDIR -} -modulesdir={- $OpenSSL::safe::installdata::MODULESDIR -} +prefix={- $OpenSSL::safe::installdata::PREFIX[0] -} +exec_prefix=${prefix} +libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) { + my $x = ''; + $x = '/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0] + if $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]; + '${exec_prefix}' . $x; + } else { + $OpenSSL::safe::installdata::libdir[0]; + } -} +includedir={- $OUT = ''; + $OUT .= '${prefix}/' . $_ . ' ' + foreach (@OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX); -} +enginesdir=${libdir}/{- $OpenSSL::safe::installdata::ENGINESDIR_REL_LIBDIR[0] -} +modulesdir=${libdir}/{- $OpenSSL::safe::installdata::MODULESDIR_REL_LIBDIR[0] -} Name: OpenSSL-libcrypto Description: OpenSSL cryptography library Version: {- $OpenSSL::safe::installdata::VERSION -} Libs: -L${libdir} -lcrypto Libs.private: {- join(' ', @OpenSSL::safe::installdata::LDLIBS) -} -Cflags: -I${includedir} +Cflags:{- $OUT = ' -I${includedir}'; + if (scalar @OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX > 1) { + $OUT = ''; + $OUT .= ' -I${prefix}/' . $_ . ' ' + foreach (@OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX); + } -} diff --git a/exporters/pkg-config/libssl.pc.in b/exporters/pkg-config/libssl.pc.in index a7828b3cc6..162db65c99 100644 --- a/exporters/pkg-config/libssl.pc.in +++ b/exporters/pkg-config/libssl.pc.in 
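Review bot: `includedir` is now built by appending every `INCLUDEDIR_REL_PREFIX` entry separated by spaces (with a trailing space), so when more than one include directory is configured `pkg-config --variable=includedir` returns a space-joined list rather than a path; `Cflags:` sidesteps this with its own list, but tools that read the variable directly do not. Consider keeping `includedir` as a single path, e.g. `includedir=${prefix}/{- $OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX[0] -}`, and emitting the full list only in `Cflags:` as the second branch already does. The same pattern is repeated in libssl.pc.in and openssl.pc.in.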
@@ -1,9 +1,25 @@ -libdir={- $OpenSSL::safe::installdata::LIBDIR -} -includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -} +prefix={- $OpenSSL::safe::installdata::PREFIX[0] -} +exec_prefix=${prefix} +libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) { + my $x = ''; + $x = '/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0] + if $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]; + '${exec_prefix}' . $x; + } else { + $OpenSSL::safe::installdata::libdir[0]; + } -} +includedir={- $OUT = ''; + $OUT .= '${prefix}/' . $_ . ' ' + foreach (@OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX); -} Name: OpenSSL-libssl Description: Secure Sockets Layer and cryptography libraries Version: {- $OpenSSL::safe::installdata::VERSION -} Requires.private: libcrypto Libs: -L${libdir} -lssl -Cflags: -I${includedir} +Cflags:{- $OUT = ' -I${includedir}'; + if (scalar @OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX > 1) { + $OUT = ''; + $OUT .= ' -I${prefix}/' . $_ . ' ' + foreach (@OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX); + } -} diff --git a/exporters/pkg-config/openssl.pc.in b/exporters/pkg-config/openssl.pc.in index dbb77aa39a..73eb8e73c2 100644 --- a/exporters/pkg-config/openssl.pc.in +++ b/exporters/pkg-config/openssl.pc.in @@ -1,5 +1,16 @@ -libdir={- $OpenSSL::safe::installdata::LIBDIR -} -includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -} +prefix={- $OpenSSL::safe::installdata::PREFIX[0] -} +exec_prefix=${prefix} +libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) { + my $x = ''; + $x = '/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0] + if $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]; + '${exec_prefix}' . $x; + } else { + $OpenSSL::safe::installdata::libdir[0]; + } -} +includedir={- $OUT = ''; + $OUT .= '${prefix}/' . $_ . ' ' + foreach (@OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX); -} Name: OpenSSL Description: Secure Sockets Layer and cryptography libraries and tools 
diff --git a/fuzz/asn1.c b/fuzz/asn1.c index d55554b7fd..f7a019774b 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/fuzz/bignum.c b/fuzz/bignum.c index d7c3716aac..08da6fb197 100644 --- a/fuzz/bignum.c +++ b/fuzz/bignum.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -52,11 +52,12 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) */ if (len > 2) { len -= 3; - l1 = (buf[0] * len) / 255; + /* limit l1, l2, and l3 to be no more than 512 bytes */ + l1 = ((buf[0] * len) / 255) % 512; ++buf; - l2 = (buf[0] * (len - l1)) / 255; + l2 = ((buf[0] * (len - l1)) / 255) % 512; ++buf; - l3 = len - l1 - l2; + l3 = (len - l1 - l2) % 512; s1 = buf[0] & 1; s3 = buf[0] & 4; diff --git a/fuzz/decoder.c b/fuzz/decoder.c index 1a6558dbb3..6d8ddbe640 100644 --- a/fuzz/decoder.c +++ b/fuzz/decoder.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. 
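Review bot: `% 512` wraps rather than clamps, so a derived length of exactly 512 becomes 0 and the comment's "no more than 512 bytes" is really 511; the lengths are also no longer monotonic in the controlling input byte, which makes the mapping from fuzzer mutation to test shape less smooth. A clamp such as `if (l1 > 512) l1 = 512;` after each computation (and likewise for `l2` and `l3`) keeps the documented bound exact and monotonic. The declarations of `l1`–`l3` and `len` are outside the hunk, so I have assumed unsigned arithmetic; `FuzzerTestOneInput()` continues past the hunk.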
@@ -64,10 +64,20 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) EVP_PKEY_free(pkey2); ctx = EVP_PKEY_CTX_new(pkey, NULL); - EVP_PKEY_param_check(ctx); + /* + * Param check will take too long time on large DH parameters. + * Skip it. + */ + if ((!EVP_PKEY_is_a(pkey, "DH") && !EVP_PKEY_is_a(pkey, "DHX")) + || EVP_PKEY_get_bits(pkey) <= 2048) + EVP_PKEY_param_check(ctx); + EVP_PKEY_public_check(ctx); - EVP_PKEY_private_check(ctx); - EVP_PKEY_pairwise_check(ctx); + /* Private and pairwise checks are unbounded, skip for large keys. */ + if (EVP_PKEY_get_bits(pkey) <= 4096) { + EVP_PKEY_private_check(ctx); + EVP_PKEY_pairwise_check(ctx); + } OPENSSL_assert(ctx != NULL); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); diff --git a/fuzz/dtlsclient.c b/fuzz/dtlsclient.c index 4c41d5efc3..0e239d991d 100644 --- a/fuzz/dtlsclient.c +++ b/fuzz/dtlsclient.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/fuzz/dtlsserver.c b/fuzz/dtlsserver.c index 65bf540c25..68ddb1e6e6 100644 --- a/fuzz/dtlsserver.c +++ b/fuzz/dtlsserver.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/fuzz/quic-rcidm.c b/fuzz/quic-rcidm.c index 825fe0c2fd..82b34ea3de 100644 --- a/fuzz/quic-rcidm.c +++ b/fuzz/quic-rcidm.c 
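Review bot: The new guards call `EVP_PKEY_param_check`, `EVP_PKEY_public_check` and the size-gated private/pairwise checks on `ctx` before the existing `OPENSSL_assert(ctx != NULL)`, which still sits after all of them, so the NULL check runs only once the pointer has already been used; moving it to directly after `ctx = EVP_PKEY_CTX_new(pkey, NULL);` makes it meaningful. The thresholds `2048` and `4096` are unexplained numbers — a short comment on how they were chosen, or a named constant, would help whoever retunes the fuzzer later. The comment wording `will take too long time` reads better as `takes too long`. FuzzerTestOneInput starts and ends outside the hunk.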
@@ -1,5 +1,5 @@
 /*
- * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License");
 * you may not use this file except in compliance with the License.
diff --git a/fuzz/x509.c b/fuzz/x509.c
index e2d2639164..d3fd0efd6f 100644
--- a/fuzz/x509.c
+++ b/fuzz/x509.c
@@ -78,9 +78,13 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 resp = d2i_OCSP_RESPONSE(NULL, &p, len);
 store = X509_STORE_new();
+ if (store == NULL)
+ goto err;
 X509_STORE_add_cert(store, x509_2);
 param = X509_VERIFY_PARAM_new();
+ if (param == NULL)
+ goto err;
 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);
 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT);
 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);
diff --git a/gost-engine b/gost-engine
index 2a8a5e0eca..ede3886cc5 160000
--- a/gost-engine
+++ b/gost-engine
@@ -1 +1 @@
-Subproject commit 2a8a5e0ecaa3e3d6f4ec722a49aa72476755c2b7
+Subproject commit ede3886cc5507c2ba000ab9b057f198da03e8766
diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h
index cf4a94b86e..65fd694a60 100644
--- a/include/crypto/aes_platform.h
+++ b/include/crypto/aes_platform.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
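Review bot: The two added NULL checks in the x509.c hunk jump to `err`, whose cleanup is outside the hunk, so it has to tolerate `store` and `param` being NULL and whatever else has been allocated by that point being only partially set up — I cannot confirm that from here. Between the two new checks, the return value of `X509_STORE_add_cert(store, x509_2)` is still ignored, so a failed add proceeds into verification with an empty store; `if (!X509_STORE_add_cert(store, x509_2)) goto err;` would match the style the commit introduces. The gost-engine hunk on this line is a submodule pointer bump.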
@@ -65,7 +65,7 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
 # ifdef VPAES_ASM
 # define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
 # endif
-# if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX)
+# if !defined(OPENSSL_SYS_MACOSX)
 # define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207)
 # define HWAES_set_encrypt_key aes_p8_set_encrypt_key
 # define HWAES_set_decrypt_key aes_p8_set_decrypt_key
@@ -75,6 +75,8 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
 # define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
 # define HWAES_xts_encrypt aes_p8_xts_encrypt
 # define HWAES_xts_decrypt aes_p8_xts_decrypt
+# endif /* OPENSSL_SYS_MACOSX */
+# if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX)
 # define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300)
 # define AES_GCM_ENC_BYTES 128
 # define AES_GCM_DEC_BYTES 128
diff --git a/include/crypto/bn.h b/include/crypto/bn.h
index 48859683fe..d9733963db 100644
--- a/include/crypto/bn.h
+++ b/include/crypto/bn.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -73,6 +73,9 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
 */
 int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 BN_MONT_CTX *mont, BN_CTX *ctx);
+int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
 int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
 BN_CTX *ctx);
 int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
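Review bot: The split conditionals in the aes_platform.h hunks now enable the `HWAES_*` aes_p8 mappings on AIX while keeping `PPC_AES_GCM_CAPABLE` excluded there, but nothing records why the two groups differ; a comment on the second `# if`, along the lines of `/* HWAES above is usable on AIX; the MADD300 AES-GCM path below is not built there */`, would stop the next reader from "fixing" the asymmetry. The trailing comment on the new `# endif /* OPENSSL_SYS_MACOSX */` names the opposite of the condition it closes (`!defined(OPENSSL_SYS_MACOSX)`); `/* !OPENSSL_SYS_MACOSX */` is the usual form. The `# endif` that closes the second block lies outside the hunk.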
@@ -87,6 +90,14 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n); +int ossl_bn_is_word_fixed_top(const BIGNUM *a, const BN_ULONG w); +int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range, + unsigned int strength, BN_CTX *ctx); +int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, + const unsigned char *message, + size_t message_len, BN_CTX *ctx); #define BN_PRIMETEST_COMPOSITE 0 #define BN_PRIMETEST_COMPOSITE_WITH_FACTOR 1 diff --git a/include/crypto/cmserr.h b/include/crypto/cmserr.h index a7fcf11fa9..f53530ae23 100644 --- a/include/crypto/cmserr.h +++ b/include/crypto/cmserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 5e05385d9f..50ad737fc8 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index cb7f84b301..592efdb7fc 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h 
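Review bot: The four new `ossl_bn_*_fixed_top` prototypes in the bn.h hunk arrive without any comment on the contract that sets them apart from their public `BN_*` counterparts, whereas the earlier `bn_mul_mont_fixed_top` family sits under a comment block (the one ending at the `*/` context line in the preceding hunk). A short block above the new group, e.g. `/* Counterparts of BN_mask_bits/BN_is_word/BN_priv_rand_range/BN_generate_dsa_nonce that operate on non-normalised ("fixed top") values; see bn_mul_mont_fixed_top above */`, would give callers the same guidance. Whether the `strength`, `message` and `message_len` arguments carry extra constraints is not visible from the declarations and should be stated where the functions are defined.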
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/sm4_platform.h b/include/crypto/sm4_platform.h index 928dc17ff0..3df1b4256d 100644 --- a/include/crypto/sm4_platform.h +++ b/include/crypto/sm4_platform.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ static inline int vpsm4_ex_capable(void) # define HWSM4_cbc_encrypt sm4_v8_cbc_encrypt # define HWSM4_ecb_encrypt sm4_v8_ecb_encrypt # define HWSM4_ctr32_encrypt_blocks sm4_v8_ctr32_encrypt_blocks -# elif defined(__riscv) && __riscv_xlen == 64 +# elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 /* RV64 support */ # include "riscv_arch.h" /* Zvksed extension (vector crypto SM4). */ diff --git a/include/crypto/x509.h b/include/crypto/x509.h index eb34a3f9a7..18eb2f7c63 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/common.h b/include/internal/common.h index 2530ff0412..b176a27494 100644 --- a/include/internal/common.h +++ b/include/internal/common.h 
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/include/internal/constant_time.h b/include/internal/constant_time.h
index 0ed6f823c1..2b49afe1ea 100644
--- a/include/internal/constant_time.h
+++ b/include/internal/constant_time.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -140,6 +140,29 @@ static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b)
 return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b)));
 }
+#ifdef BN_ULONG
+static ossl_inline BN_ULONG constant_time_msb_bn(BN_ULONG a)
+{
+ return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+static ossl_inline BN_ULONG constant_time_lt_bn(BN_ULONG a, BN_ULONG b)
+{
+ return constant_time_msb_bn(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline BN_ULONG constant_time_is_zero_bn(BN_ULONG a)
+{
+ return constant_time_msb_bn(~a & (a - 1));
+}
+
+static ossl_inline BN_ULONG constant_time_eq_bn(BN_ULONG a,
+ BN_ULONG b)
+{
+ return constant_time_is_zero_bn(a ^ b);
+}
+#endif
+
 static ossl_inline unsigned int constant_time_ge(unsigned int a,
 unsigned int b)
 {
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index 64851fd8ed..a4fa4ce8d0 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
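Review bot: The `#ifdef BN_ULONG` block in the constant_time.h hunk makes the new `constant_time_*_bn` helpers exist only if the header defining `BN_ULONG` was included before this one, so a translation unit that includes the two in the other order silently loses them and fails at compile time with an unrelated-looking "implicit declaration" error. A comment above the block, `/* BN_ULONG helpers: only available when <openssl/bn.h> has been included before this header */`, records the dependency; including bn.h from this header would remove it if the include graph allows, which I cannot see from here. `sizeof(a) * 8` in `constant_time_msb_bn` hard-codes the byte width where `CHAR_BIT` would say what is meant, if the rest of the file already uses it.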
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -130,6 +130,7 @@ void ossl_lib_ctx_default_deinit(void); OSSL_EX_DATA_GLOBAL *ossl_lib_ctx_get_ex_data_global(OSSL_LIB_CTX *ctx); const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx); +CRYPTO_THREAD_LOCAL *ossl_lib_ctx_get_rcukey(OSSL_LIB_CTX *libctx); OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad); int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj, diff --git a/include/internal/e_os.h b/include/internal/e_os.h index 24e7a9553e..003d63e17f 100644 --- a/include/internal/e_os.h +++ b/include/internal/e_os.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/json_enc.h b/include/internal/json_enc.h index 5767b3e575..e7d9a6d922 100644 --- a/include/internal/json_enc.h +++ b/include/internal/json_enc.h @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/ktls.h b/include/internal/ktls.h index 80f2cfec54..072653dc5e 100644 --- a/include/internal/ktls.h +++ b/include/internal/ktls.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/list.h b/include/internal/list.h index 902047641f..a40f7fe6c2 100644 --- a/include/internal/list.h +++ b/include/internal/list.h 
@@ -20,33 +20,33 @@
 # define OSSL_LIST_DBG(x) x;
 # endif
-# define LIST_FOREACH_FROM(p, name, init) \
+# define OSSL_LIST_FOREACH_FROM(p, name, init) \
 for ((p) = (init); \
 (p) != NULL; \
 (p) = ossl_list_##name##_next(p))
-# define LIST_FOREACH(p, name, l) \
- LIST_FOREACH_FROM(p, name, ossl_list_##name##_head(l))
+# define OSSL_LIST_FOREACH(p, name, l) \
+ OSSL_LIST_FOREACH_FROM(p, name, ossl_list_##name##_head(l))
-# define LIST_FOREACH_REV_FROM(p, name, init) \
+# define OSSL_LIST_FOREACH_REV_FROM(p, name, init) \
 for ((p) = (init); \
 (p) != NULL; \
 (p) = ossl_list_##name##_prev(p))
-# define LIST_FOREACH_REV(p, name, l) \
- LIST_FOREACH_FROM(p, name, ossl_list_##name##_tail(l))
+# define OSSL_LIST_FOREACH_REV(p, name, l) \
+ OSSL_LIST_FOREACH_FROM(p, name, ossl_list_##name##_tail(l))
-# define LIST_FOREACH_DELSAFE_FROM(p, pn, name, init) \
+# define OSSL_LIST_FOREACH_DELSAFE_FROM(p, pn, name, init) \
 for ((p) = (init); \
 (p) != NULL && (((pn) = ossl_list_##name##_next(p)), 1); \
 (p) = (pn))
-#define LIST_FOREACH_DELSAFE(p, pn, name, l) \
- LIST_FOREACH_DELSAFE_FROM(p, pn, name, ossl_list_##name##_head(l))
+#define OSSL_LIST_FOREACH_DELSAFE(p, pn, name, l) \
+ OSSL_LIST_FOREACH_DELSAFE_FROM(p, pn, name, ossl_list_##name##_head(l))
-# define LIST_FOREACH_REV_DELSAFE_FROM(p, pn, name, init) \
+# define OSSL_LIST_FOREACH_REV_DELSAFE_FROM(p, pn, name, init) \
 for ((p) = (init); \
 (p) != NULL && (((pn) = ossl_list_##name##_prev(p)), 1); \
 (p) = (pn))
-# define LIST_FOREACH_REV_DELSAFE(p, pn, name, l) \
- LIST_FOREACH_REV_DELSAFE_FROM(p, pn, name, ossl_list_##name##_tail(l))
+# define OSSL_LIST_FOREACH_REV_DELSAFE(p, pn, name, l) \
+ OSSL_LIST_FOREACH_REV_DELSAFE_FROM(p, pn, name, ossl_list_##name##_tail(l))
 /* Define a list structure */
 # define OSSL_LIST(name) OSSL_LIST_ ## name
diff --git a/include/internal/qlog.h b/include/internal/qlog.h
index f6960ec1cc..b81bfe7e4b 100644
--- a/include/internal/qlog.h
+++ b/include/internal/qlog.h
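Review bot: `OSSL_LIST_FOREACH_REV` expands to `OSSL_LIST_FOREACH_FROM(p, name, ossl_list_##name##_tail(l))`, which starts at the tail but advances with `_next`, so the loop visits only the last element instead of walking the list backwards; it should expand to `OSSL_LIST_FOREACH_REV_FROM(p, name, ossl_list_##name##_tail(l))`. The removed `LIST_FOREACH_REV` had the same expansion, so the rename carried the defect over rather than introducing it, but it is worth fixing while every use site is being touched. Separately, `#define OSSL_LIST_FOREACH_DELSAFE` lacks the space after `#` that every neighbouring directive in the hunk uses.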
@@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/qlog_event_helpers.h b/include/internal/qlog_event_helpers.h index 83defe043b..43d6236080 100644 --- a/include/internal/qlog_event_helpers.h +++ b/include/internal/qlog_event_helpers.h @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/qlog_events.h b/include/internal/qlog_events.h index e79b952461..6dd44bf365 100644 --- a/include/internal/qlog_events.h +++ b/include/internal/qlog_events.h @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_channel.h b/include/internal/quic_channel.h index 236d4a8dba..3b373ab680 100644 --- a/include/internal/quic_channel.h +++ b/include/internal/quic_channel.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_demux.h b/include/internal/quic_demux.h index 158c2ecff3..d0781e61cf 100644 --- a/include/internal/quic_demux.h 
+++ b/include/internal/quic_demux.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_error.h b/include/internal/quic_error.h index 29f5e424f4..86d1c692b4 100644 --- a/include/internal/quic_error.h +++ b/include/internal/quic_error.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_fc.h b/include/internal/quic_fc.h index db55bb7455..923bd43bc3 100644 --- a/include/internal/quic_fc.h +++ b/include/internal/quic_fc.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_fifd.h b/include/internal/quic_fifd.h index a0354bdf78..c1644e4d8e 100644 --- a/include/internal/quic_fifd.h +++ b/include/internal/quic_fifd.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_rcidm.h b/include/internal/quic_rcidm.h index 8eeaaf550e..fd102241b2 100644 --- a/include/internal/quic_rcidm.h 
+++ b/include/internal/quic_rcidm.h @@ -1,5 +1,5 @@ /* -* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +* Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_reactor.h b/include/internal/quic_reactor.h index 47d93eee06..a6fdb7d123 100644 --- a/include/internal/quic_reactor.h +++ b/include/internal/quic_reactor.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_record_rx.h b/include/internal/quic_record_rx.h index 92ab77eaac..001509bd58 100644 --- a/include/internal/quic_record_rx.h +++ b/include/internal/quic_record_rx.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_record_tx.h b/include/internal/quic_record_tx.h index 3f1de5d90e..e84523f895 100644 --- a/include/internal/quic_record_tx.h +++ b/include/internal/quic_record_tx.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_ssl.h b/include/internal/quic_ssl.h index 54e8a2e7e3..4fc7a21a52 100644 
--- a/include/internal/quic_ssl.h
+++ b/include/internal/quic_ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/include/internal/quic_stream_map.h b/include/internal/quic_stream_map.h
index 41d2eb345d..745d9c03d4 100644
--- a/include/internal/quic_stream_map.h
+++ b/include/internal/quic_stream_map.h
@@ -1,5 +1,5 @@
 /*
-* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+* Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -503,6 +503,41 @@ static ossl_inline ossl_unused int ossl_quic_stream_recv_get_final_size(const QU
 }
 }
+/*
+ * Determines the number of bytes available still to be read, and (if
+ * include_fin is 1) whether a FIN or reset has yet to be read.
+ */
+static ossl_inline ossl_unused int ossl_quic_stream_recv_pending(const QUIC_STREAM *s,
+ int include_fin)
+{
+ size_t avail;
+ int fin = 0;
+
+ switch (s->recv_state) {
+ default:
+ case QUIC_RSTREAM_STATE_NONE:
+ return 0;
+
+ case QUIC_RSTREAM_STATE_RECV:
+ case QUIC_RSTREAM_STATE_SIZE_KNOWN:
+ case QUIC_RSTREAM_STATE_DATA_RECVD:
+ if (!ossl_quic_rstream_available(s->rstream, &avail, &fin))
+ avail = 0;
+
+ if (avail == 0 && include_fin && fin)
+ avail = 1;
+
+ return avail;
+
+ case QUIC_RSTREAM_STATE_RESET_RECVD:
+ return include_fin;
+ case QUIC_RSTREAM_STATE_DATA_READ:
+ case QUIC_RSTREAM_STATE_RESET_READ:
+ return 0;
+ }
+}
+
 /*
 * QUIC Stream Map
 * ===============
diff --git a/include/internal/quic_txp.h b/include/internal/quic_txp.h
index 9c05acc9a5..607cefc010 100644
--- a/include/internal/quic_txp.h
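Review bot: `ossl_quic_stream_recv_pending` is declared to return `int`, but `return avail;` hands back the `size_t` that `ossl_quic_rstream_available` filled in, so a pending byte count above `INT_MAX` is narrowed with an implementation-defined (possibly negative) result and a caller testing `> 0` would misread a full buffer as empty. Either make the return type `size_t` (returning `include_fin ? 1 : 0` in the `RESET_RECVD` case) or clamp before returning: `return avail > INT_MAX ? INT_MAX : (int)avail;`. The doc comment could also spell out the reset case, e.g. `/* a received reset counts as one pending unit only when include_fin is set */`, since `return include_fin;` currently echoes the caller's argument rather than a normalised 0/1.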
+++ b/include/internal/quic_txp.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/quic_txpim.h b/include/internal/quic_txpim.h index 7219f21ef6..5df6ad46cb 100644 --- a/include/internal/quic_txpim.h +++ b/include/internal/quic_txpim.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/rcu.h b/include/internal/rcu.h index 31a270222d..90160e8da7 100644 --- a/include/internal/rcu.h +++ b/include/internal/rcu.h @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,11 +11,13 @@ # define OPENSSL_RCU_H # pragma once +#include "crypto/context.h" + typedef void (*rcu_cb_fn)(void *data); typedef struct rcu_lock_st CRYPTO_RCU_LOCK; -CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers); +CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx); void ossl_rcu_lock_free(CRYPTO_RCU_LOCK *lock); void ossl_rcu_read_lock(CRYPTO_RCU_LOCK *lock); void ossl_rcu_write_lock(CRYPTO_RCU_LOCK *lock); diff --git a/include/internal/refcount.h b/include/internal/refcount.h index d23bbb9eb9..3740a034e1 100644 --- a/include/internal/refcount.h +++ b/include/internal/refcount.h 
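Review bot: The new `#include "crypto/context.h"` in the rcu.h hunk sits at column 0 between `# pragma once` and the typedefs, while every other directive inside this header's guard is written with the `# ` indent; `# include "crypto/context.h"` keeps the file consistent. If the include exists only to name `OSSL_LIB_CTX` in the new `ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)` signature, the forward declaration in `openssl/types.h` would be the lighter dependency — I cannot tell from this hunk whether anything else from context.h is used.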
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -26,6 +26,12 @@
 # define HAVE_ATOMICS 1
+# if defined(__has_feature)
+# if __has_feature(thread_sanitizer)
+# define OSSL_TSAN_BUILD
+# endif
+# endif
+
 typedef struct {
 _Atomic int val;
 } CRYPTO_REF_COUNT;
@@ -48,15 +54,23 @@ static inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret)
 */
 static inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret)
 {
- *ret = atomic_fetch_sub_explicit(&refcnt->val, 1, memory_order_relaxed) - 1;
+# ifdef OSSL_TSAN_BUILD
+ /*
+ * TSAN requires acq_rel as it indicates a false positive error when
+ * the object that contains the refcount is freed otherwise.
+ */
+ *ret = atomic_fetch_sub_explicit(&refcnt->val, 1, memory_order_acq_rel) - 1;
+# else
+ *ret = atomic_fetch_sub_explicit(&refcnt->val, 1, memory_order_release) - 1;
 if (*ret == 0)
 atomic_thread_fence(memory_order_acquire);
+# endif
 return 1;
 }
 static inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret)
 {
- *ret = atomic_load_explicit(&refcnt->val, memory_order_relaxed);
+ *ret = atomic_load_explicit(&refcnt->val, memory_order_acquire);
 return 1;
 }
@@ -76,7 +90,7 @@ static __inline__ int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret)
 static __inline__ int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret)
 {
- *ret = __atomic_fetch_sub(&refcnt->val, 1, __ATOMIC_RELAXED) - 1;
+ *ret = __atomic_fetch_sub(&refcnt->val, 1, __ATOMIC_RELEASE) - 1;
 if (*ret == 0)
 __atomic_thread_fence(__ATOMIC_ACQUIRE);
 return 1;
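Review bot: `OSSL_TSAN_BUILD` is only ever set through `__has_feature(thread_sanitizer)`, which is clang's spelling; GCC's `-fsanitize=thread` advertises itself as `__SANITIZE_THREAD__` instead, so a GCC TSAN build still compiles the release/acquire-fence pair the comment says TSAN misreports. Adding `# if defined(__SANITIZE_THREAD__)` alongside the `__has_feature` probe (both defining `OSSL_TSAN_BUILD`) covers both compilers. The `__atomic_*` variant of CRYPTO_DOWN_REF in the last hunk on this line gains the same release + acquire-fence shape but no TSAN branch at all, which deserves a deliberate comment if intentional. The explanatory comment would also read more clearly as `/* TSAN reports a false positive on the release/acquire-fence pattern when the object holding the refcount is then freed, so use acq_rel here. */`.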
@@ -109,7 +123,7 @@ static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret)
 static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret)
 {
- *ret = _InterlockedOr((void *)&refcnt->val, 0);
+ *ret = _InterlockedExchangeAdd((void *)&refcnt->val, 0);
 return 1;
 }
@@ -135,15 +149,13 @@ static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret)
 static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret)
 {
- *ret = _InterlockedExchangeAdd_nf(&refcnt->val, -1) - 1;
- if (*ret == 0)
- __dmb(_ARM_BARRIER_ISH);
+ *ret = _InterlockedExchangeAdd(&refcnt->val, -1) - 1;
 return 1;
 }
 static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret)
 {
- *ret = _InterlockedOr_nf((void *)&refcnt->val, 0);
+ *ret = _InterlockedExchangeAdd_acq((void *)&refcnt->val, 0);
 return 1;
 }
@@ -285,7 +297,7 @@ static ossl_unused ossl_inline void CRYPTO_FREE_REF(CRYPTO_REF_COUNT *refcnt)
 # define REF_PRINT_EX(text, count, object) \
 OSSL_TRACE3(REF_COUNT, "%p:%4d:%s\n", (object), (count), (text));
-# define REF_PRINT_COUNT(text, object) \
- REF_PRINT_EX(text, object->references.val, (void *)object)
+# define REF_PRINT_COUNT(text, val, object) \
+ REF_PRINT_EX(text, val, (void *)object)
 #endif
diff --git a/include/internal/safe_math.h b/include/internal/safe_math.h
index be37e6ab88..ecfb281f40 100644
--- a/include/internal/safe_math.h
+++ b/include/internal/safe_math.h
@@ -16,8 +16,10 @@
 # ifndef OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING
 # ifdef __has_builtin
 # define has(func) __has_builtin(func)
-# elif __GNUC__ > 5
-# define has(func) 1
+# elif defined(__GNUC__)
+# if __GNUC__ > 5
+# define has(func) 1
+# endif
 # endif
 # endif /* OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING */
diff --git a/include/internal/sockets.h b/include/internal/sockets.h
index 2550c56bd0..f51c1b075a 100644
--- a/include/internal/sockets.h
+++ b/include/internal/sockets.h
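Review bot: In the Windows ARM `CRYPTO_DOWN_REF` the `_InterlockedExchangeAdd_nf` plus the explicit `__dmb(_ARM_BARRIER_ISH)` on reaching zero is replaced by the plain `_InterlockedExchangeAdd`, which on ARM is the full-barrier form and therefore at least as strong, but nothing in the hunk says that this is the reason; a one-liner such as `/* full-barrier form: supplies the acquire the last holder needs before freeing the object */` would keep a later reader from reintroducing `_nf` for speed. Both `CRYPTO_GET_REF` variants now load the count through an interlocked add of zero, a read-modify-write on a possibly shared cache line where only an acquire load is wanted; if `_InterlockedOr`/`_nf` were rejected for a reason, that reason belongs in a comment. The `REF_PRINT_COUNT(text, val, object)` signature change breaks every existing caller and must be paired with their update, which this hunk does not show.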
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -190,14 +190,8 @@ typedef size_t socklen_t; /* Currently appears to be missing on VMS */ # define readsocket(s,b,n) read((s),(b),(n)) # define writesocket(s,b,n) write((s),(char *)(b),(n)) # elif defined(OPENSSL_SYS_TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# define readsocket(s,b,n) floss_read((s),(b),(n)) -# define writesocket(s,b,n) floss_write((s),(b),(n)) -# else -# define readsocket(s,b,n) read((s),(b),(n)) -# define writesocket(s,b,n) write((s),(b),(n)) -# endif +# define readsocket(s,b,n) read((s),(b),(n)) +# define writesocket(s,b,n) write((s),(b),(n)) # define ioctlsocket(a,b,c) ioctl(a,b,c) # define closesocket(s) close(s) # else diff --git a/include/internal/thread_arch.h b/include/internal/thread_arch.h index 0994433e7d..aba9362e8d 100644 --- a/include/internal/thread_arch.h +++ b/include/internal/thread_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h index 61f90b4376..8fd85ed881 100644 --- a/include/openssl/asn1err.h +++ b/include/openssl/asn1err.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in index a118aeeece..440d838e62 100644 --- a/include/openssl/bio.h.in +++ b/include/openssl/bio.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index da82a3f419..ad9eb3429d 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h index 90222e4dac..0d876e501c 100644 --- a/include/openssl/cmperr.h +++ b/include/openssl/cmperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h index 887035b1bf..5cfe07dbb3 100644 --- a/include/openssl/cmserr.h +++ b/include/openssl/cmserr.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -49,6 +49,7 @@ # define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 # define CMS_R_ERROR_SETTING_KEY 115 # define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT 196 # define CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR 183 # define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 # define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
index e01f62751d..f1e17958ab 100644
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -228,6 +228,7 @@ typedef INT32 int32_t;
 typedef UINT32 uint32_t;
 typedef INT64 int64_t;
 typedef UINT64 uint64_t;
+typedef UINTN uintptr_t;
 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
 defined(__osf__) || defined(__sgi) || defined(__hpux) || \
 defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
diff --git a/include/openssl/hpke.h b/include/openssl/hpke.h
index ab32d9d892..482acd22c3 100644
--- a/include/openssl/hpke.h
+++ b/include/openssl/hpke.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
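Review bot: `+typedef UINTN uintptr_t;` is the one typedef in this run whose source type does not carry its width in its name, so nothing in the hunk tells a reader that `UINTN` is pointer-sized; a short comment, `/* UINTN is the native pointer-width unsigned integer */`, would make the intent explicit. The `INT32`/`UINT64` spellings suggest this is the UEFI branch, but the `#if` that opens it is outside the hunk, so that is inferred. No `intptr_t` counterpart is added; if anything compiled under this branch needs one, `typedef INTN intptr_t;` is the symmetric definition.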
diff --git a/include/openssl/http.h b/include/openssl/http.h
index 4f58652cc1..339b567dcd 100644
--- a/include/openssl/http.h
+++ b/include/openssl/http.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Siemens AG 2018-2020
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -35,9 +35,10 @@ extern "C" {
 # ifndef OPENSSL_NO_HTTP
-#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
-#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
-#define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256
+# define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_CRL_LEN (32 * 1024 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256
 /* Low-level HTTP API */
diff --git a/include/openssl/lhash.h.in b/include/openssl/lhash.h.in
index 363ea9cacb..63a9c53bfa 100644
--- a/include/openssl/lhash.h.in
+++ b/include/openssl/lhash.h.in
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/quic.h b/include/openssl/quic.h
index f66d643261..3dc2f5e747 100644
--- a/include/openssl/quic.h
+++ b/include/openssl/quic.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h
index 719865fda2..17822049ac 100644
--- a/include/openssl/self_test.h
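Review bot: `OSSL_HTTP_DEFAULT_MAX_CRL_LEN (32 * 1024 * 1024)` is added without a comment, although it is a public default about 320 times larger than the `OSSL_HTTP_DEFAULT_MAX_RESP_LEN` beside it and, like that macro, presumably caps how much response data the client is willing to buffer. A one-line comment would tell API users when the larger bound is meant to apply, e.g. `/* Default response cap for CRL downloads, which can legitimately exceed OSSL_HTTP_DEFAULT_MAX_RESP_LEN by far */`. Which caller applies this value is not visible in the hunk.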
+++ b/include/openssl/self_test.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 988e637dda..442d5cbc3c 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1,7 +1,7 @@
 /*
 * {- join("\n * ", @autowarntext) -}
 *
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 * Copyright 2005 Nokia. All rights reserved.
 *
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 980a6c7b2f..ec35df64e5 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -308,10 +308,12 @@
 # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
+# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
 # define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
 # define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
 # define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
 # define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
+# define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
 # define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
 # define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
 # define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
diff --git a/include/openssl/sslerr_legacy.h b/include/openssl/sslerr_legacy.h
index 929835c29b..4c353671c7 100644
--- a/include/openssl/sslerr_legacy.h
+++ b/include/openssl/sslerr_legacy.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 7e3d1a725b..5329338efa 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 * Copyright 2005 Nokia. All rights reserved.
 *
@@ -231,6 +231,8 @@ extern "C" {
 # define TLSEXT_max_fragment_length_1024 2
 # define TLSEXT_max_fragment_length_2048 3
 # define TLSEXT_max_fragment_length_4096 4
+/* OpenSSL value for unset maximum fragment length extension */
+# define TLSEXT_max_fragment_length_UNSPECIFIED 255
 /*
 * TLS Certificate Type (for RFC7250)
diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in
index 2166ef0b06..a396193b86 100644
--- a/include/openssl/x509_vfy.h.in
+++ b/include/openssl/x509_vfy.h.in
@@ -1,7 +1,7 @@
 /*
 * {- join("\n * ", @autowarntext) -}
 *
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/krb5 b/krb5
index aa9b4a2a64..784c38f50e 160000
--- a/krb5
+++ b/krb5
@@ -1 +1 @@
-Subproject commit aa9b4a2a64046afd2fab7cb49c346295874a5fb6
+Subproject commit 784c38f50e70a739400cdd3f2620bac2e2788e6c
diff --git a/ms/uplink-x86_64.pl b/ms/uplink-x86_64.pl
index 8b28949ccf..e27e74536b 100755
--- a/ms/uplink-x86_64.pl
+++ b/ms/uplink-x86_64.pl
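Review bot: The comment added above `TLSEXT_max_fragment_length_UNSPECIFIED 255` says the value means "unset" but not why 255 is a safe choice: it lies outside the codepoints RFC 6066 assigns to this extension (the `_1024`..`_4096` values 2–4 directly above it), so it can never collide with a value received from a peer, and it must never be written to the wire. Suggest `/* OpenSSL-internal marker for an unset max_fragment_length; not an RFC 6066 codepoint, never sent on the wire */`. Whether every encoder path checks for this value before emitting the extension is outside the hunk.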
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/oqs-provider b/oqs-provider
index 8c746d7e29..c0ee292723 160000
--- a/oqs-provider
+++ b/oqs-provider
@@ -1 +1 @@
-Subproject commit 8c746d7e294d6948c2f361a8f2fa376a63a2db30
+Subproject commit c0ee292723fa1b37f86a42ddfdd804c35cc49ff3
diff --git a/os-dep/Apple/PrivacyInfo.xcprivacy b/os-dep/Apple/PrivacyInfo.xcprivacy
new file mode 100644
index 0000000000..285dd5beba
--- /dev/null
+++ b/os-dep/Apple/PrivacyInfo.xcprivacy
@@ -0,0 +1,23 @@ + + + + + NSPrivacyAccessedAPITypes + + + NSPrivacyAccessedAPIType NSPrivacyAccessedAPICategoryFileTimestamp NSPrivacyAccessedAPITypeReasons + C617.1 + + + NSPrivacyCollectedDataTypes + NSPrivacyTrackingDomains + NSPrivacyTracking + +
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index fc38dce27e..383494ae6c 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -12,6 +12,9 @@ a2466f18da5847c7d9fbced17524633c10ce024671a72f53f9c9c55b9b9923dd crypto/aes/aes f1244cdeadcb4e48f35bc5df19d4cfaf07e0086ad951b84f07ff6966501faa5b crypto/aes/asm/aes-ppc.pl 538ce0e80698d773c9419a9ca8892d61bc5b3cd1b071c5fc5f315d7f5573e96d crypto/aes/asm/aes-riscv32-zkn.pl b5cdd6858b1eff7d17b29b78ac8c4a7642c0a74710f8b50821a6265328845aaf crypto/aes/asm/aes-riscv64-zkn.pl +e1f3805332eb811d9d0c9377b67fe0681063364f1af84d8598f7daa30da65b4d crypto/aes/asm/aes-riscv64-zvbb-zvkg-zvkned.pl +ecd9bdfaf25cdd3d8ec0c50cb4306d98374da1c6056e27e0cf31a057dc5ee150 crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl +d372152dac004b96a89f8531256bd05597ca0b614b444bb02aee93238dcf83ab crypto/aes/asm/aes-riscv64-zvkned.pl f0388e17ba4268ed0b562da60e0780072180a824a379b79fafb60e25b8da3b52 crypto/aes/asm/aes-riscv64.pl ecbfe826f4c514810c3ee20e265f4f621149694c298554b2682e5de4f029f14f crypto/aes/asm/aes-s390x.pl ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1 crypto/aes/asm/aes-sparcv9.pl 
@@ -22,11 +25,11 @@ c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm 1d3acabadedb88d1327eeb76201ea9b3f4814f44898018ffae6c73e3f400b89b crypto/aes/asm/aesni-sha256-x86_64.pl 4ff74d4e629a88ef5a9e3d3f5b340fc0a4793d16d7cc7f1b70da62512a856248 crypto/aes/asm/aesni-x86.pl c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl -f3a8f3c960c0f47aaa8fc2633d18b14e7c7feeccc536b0115a08bc58333122b6 crypto/aes/asm/aesp8-ppc.pl +0489a10fbb1a8ca3652848d5c1e14e519501e189bad3e5827a573c26df359691 crypto/aes/asm/aesp8-ppc.pl e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl -030dd54699b6ab0d71db5a436489ef3265d358337259798ef9d0ee690c182386 crypto/aes/asm/aesv8-armx.pl +629483b289f6812f2f73bc320f8146c7a910edc5a83e8cec6da8f73805a14f2a crypto/aes/asm/aesv8-armx.pl 5e8005fdb6641df465bdda20c3476f7176e6bcd63d5073044a0c02a327c7f172 crypto/aes/asm/bsaes-armv7.pl -9b9c9d7541edb49dcb9fe331f91fca1b6a1e14cc204c07b8cc2b530da8719279 crypto/aes/asm/bsaes-armv8.pl +270a0cd4c80a0cde53538009037916a330348addfdd87870d41ab40f9ddbc451 crypto/aes/asm/bsaes-armv8.pl 0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6 crypto/aes/asm/bsaes-x86_64.pl 762cadf988080f45d1a2f1232058688ac3f5afe76767649d15513a7a5eedcf38 crypto/aes/asm/vpaes-armv8.pl 14146589f53dc898fa86aeffd0e0ba36737b04da26ab0b14c1da09a28836c8f8 crypto/aes/asm/vpaes-loongarch64.pl 
@@ -35,13 +38,13 @@ c3541865cd02d81101cdbab4877ed82772e6980d2c677b9008b38fa1b26d36d4 crypto/aes/asm 060bb6620f50af9afecdf97df051b45b9a50be9daf343dfec1cbb29693ce00a4 crypto/aes/asm/vpaes-x86_64.pl 2bc67270155e2d6c7da87d9070e005ee79cea18311004907edfd6a078003532a crypto/alphacpuid.pl 269e52f8867c13ca75d2f88ec1f89b692cb8c6c3ee89abe2fd3c1821925191d8 crypto/arm64cpuid.pl -5d8595338d4ae8bbaba81dab36c00b325abccf5c4a51b7d1b6c622ac893792de crypto/armcap.c -b0f528db5658d7c98657eb322bf78e326202f43da88f7c56ada053a494be9977 crypto/armv4cpuid.pl +4890754d4236be78327f99ab1244ce4593cd1e98750e4a35f8e9374809a1b65e crypto/armcap.c +d9f923daabe7537d1063b182f9f220655abd182ef4c55a0194a7ee8d6030b5bd crypto/armv4cpuid.pl 16739d54200fb81ca7835b5814f965022a2ab41589c7787e2697e3ea72d4fafa crypto/asn1_dsa.c 819c9fd2b0cae9aab81c3cbd1815c2e22949d75f132f649b5883812d0bbaa39a crypto/bn/asm/alpha-mont.pl -ccca12612deaa8b3792ade2fc912731fad1b5b7e8b39875e51159fec97b93d9e crypto/bn/asm/armv4-gf2m.pl -281767fa5ad336aca9887867012fbee9003340c59ff0b39340870ccd8124d976 crypto/bn/asm/armv4-mont.pl -12203c1af986c729fc227832ed03b103e56bdac2568878e5635ab037be01609a crypto/bn/asm/armv8-mont.pl +565edec9b6fa0702c07ab2f7507b0a45fb2ab649ed509fd79013ea7378bb5891 crypto/bn/asm/armv4-gf2m.pl +5469ab174b62361c6ced8f5c1007c462700761c1aae72f0d2928ca39e57d47a1 crypto/bn/asm/armv4-mont.pl +f763e3a2937542f6b5d0c07be1ec4faafb668a8a1b4ed2f86a1c25be97984fde crypto/bn/asm/armv8-mont.pl cb4ad7b7461fcb8e2a0d52881158d0211b79544842d4eae36fc566869a2d62c8 crypto/bn/asm/bn-586.pl 636da7e2a66272a81f9c99e90b36c6f132ad6236c739e8b9f2e7315f30b72edd crypto/bn/asm/c64xplus-gf2m.pl c86664fb974362ee52a454c83c2c4b23fd5b7d64b3c9e23ef1e0dfd130a46ee5 crypto/bn/asm/co-586.pl 
@@ -84,38 +87,38 @@ da7f7780d27eed164797e5334cd45b35d9c113e86afaca051463aef9a8fd787c crypto/bn/asm/ f53d3804456b787be45ace2b33b7a323e5e4fb6cfbe3aa3b6696e3ce0a640baa crypto/bn/bn_ctx.c d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_dh.c 74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c -569dd0efeac8ced359c96732c694cab8ed8f75e2e6a0e34997c0a4b60e31d0d3 crypto/bn/bn_exp.c +903d6b82179db9a92776b1417b011cac7daca208e1c81c8136004fcbb046faf7 crypto/bn/bn_exp.c ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c -7af02a3a30897311fee695fc42af67091ea4cd03abe6d911cf3381d5dbc05f58 crypto/bn/bn_gcd.c -e37be15f771ab0b1da741266b0081190436edc9b7eb5298be4a0aca0d4c47ada crypto/bn/bn_gf2m.c +c9f09aff5b6ba70ca966ca0a0f8f07db980487dd53abf04f52b61f37d8dcd2fb crypto/bn/bn_gcd.c +6c5c69c03d5390467aecb5344c7928f62122e47a4e0e2742af9ee1610dd233a1 crypto/bn/bn_gf2m.c 73ee247467879d4ec984c9900dfe7761233c5b889b8762be37c7e8fdd6d1d210 crypto/bn/bn_intern.c 602ed46fbfe12c899dfb7d9d99ff0dbfff96b454fce3cd02817f3e2488dd9192 crypto/bn/bn_kron.c -18840c8a7996b619a871efdc834d28556e210b8bddddef606a901f094c45fe81 crypto/bn/bn_lib.c +31e592daf19a9031b89df69fa84c85b5f9b7393c3edbc60b55cd93be469a3bb9 crypto/bn/bn_lib.c d5beb9fbac2ff5dc3ccbdfa4d1aabca7225c778cff4e3b05b6d6c63e182637f5 crypto/bn/bn_local.h -b76134e0b4cff3e706cfd018b038439de6f69b75015d8c276a2831c0a9c1623e crypto/bn/bn_mod.c +23c47b51cbdab1a8a8e3f3504fae2ceb36c7c227e264d7f4d4fc11c1e0ecdbaf crypto/bn/bn_mod.c 7ddcb7b9b2b008d6f31783c7697d77dd3188d9f643ca948cf49a805d770c3a14 crypto/bn/bn_mont.c 2da73a76b746a47d8cf8ec8b3e0708c2a34e810abde4b4f1241a49e7f5bb2b60 crypto/bn/bn_mpi.c 76982b18b0803d59b33168b260677e7412970757d3b9513de5c80025290f211d crypto/bn/bn_mul.c -1f65ad369352d51af1a75eccf598cb497b400ebd86252f5ca8aac54bbb3cc7bd crypto/bn/bn_nist.c +b3677b73ac29aab660c9a549f7af154ca14347fac5cffd43b153a75211f1373f crypto/bn/bn_nist.c 
5377e9596c3b9a3153ce75004599dce1f0fef23612d4e086cc936a87d4d5fa99 crypto/bn/bn_prime.c c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h -3dd5ce6ddea13d04a9470625af35328319d1a5f3a963183095edf3add314b7e0 crypto/bn/bn_rand.c +4e1f3e71cdb05d41608224d1837da6f261d5f60a570be1045c10738e1e6646ff crypto/bn/bn_rand.c b5cc902624b3af2149c9ea91f9d18bea56302144e87dfe49105ec6789b73764b crypto/bn/bn_recp.c 669a157968afe07588507a2e9e35c1c4df9c2b0a95cd9c21404b0bfa21be0d37 crypto/bn/bn_rsa_fips186_4.c -704b0b4723e5c9e9bae5f3e35f9ae8ae8dca3383929e954de9e5169845abfdb2 crypto/bn/bn_shift.c +6889866bca4673bccb8adf870859a867757ccd3c8ad4652675615afff710add3 crypto/bn/bn_shift.c 622e90766b29e0d25f46474429aebda8eba2246835b9e85dc26da7cdbd49334f crypto/bn/bn_sqr.c 42c8ce944c889abcfcf089d0ad2744b7587696d8d7785efa91b3f7ec53dc062a crypto/bn/bn_sqrt.c 24e62baa56e02f2db6454e10168b7c7fa7638db9221b9acda1803d43f38f36e0 crypto/bn/bn_word.c ec684bfc01a74492150e930fe6d6cc5586be48b9674bbd7a492efa517d04c340 crypto/bn/rsaz_exp.c c4d64da1cdc732ea918fccd6a7bb2746b03365dd26f7ba1e74e08c307ca4c58e crypto/bn/rsaz_exp.h -55266c387202fd4f90bebfe7bb93c550b23b78dc3a90edcc668e5dbf480f916c crypto/bn/rsaz_exp_x2.c +b176c420308bd4a185a28e549016ffba5f72edf9dba4dacec34c9883f3ddae22 crypto/bn/rsaz_exp_x2.c 834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c 82117f6a7cfc31fc86ecd9629bd3bf614126b8e8b2c23717a03ff5c1db7c3c5c crypto/buffer/buffer.c 5f43844b5d8665de9ab895f93599150a327d73ec2674bbf7d7c512d30163022d crypto/c64xpluscpuid.pl -40bd11fbe3de4c0fcf16639a3dcfe0f26e3bf447c79f59ec59d7dfc77350a956 crypto/cmac/cmac.c -a6e8cf30340ffaec8aec41dfbef7341afe21e7b13e48899403c529368c0ec6fa crypto/context.c +ad82132a10f0d4e13672ebed29fc40905717fd83716d1feb7d9b8d86a2192fb6 crypto/cmac/cmac.c +e3c8ab4771df7af24ae15085e65af9ef8fcb201b4be3a6d4ecfe631fa819fd84 crypto/context.c 67c2367871b9350a7f7af5be903d6bcca9ebdbff0e9a9bd9f61b56bef5b76696 crypto/core_algorithm.c 
-f0fd9eb38bf7f196bbb4d26ce8fdf86d0a4f9db219157e66b2c0ffefb4f42005 crypto/core_fetch.c +f0c88643860c3369e45fa4da5d6fb351f437665612056c9b138fb02d8825cec6 crypto/core_fetch.c 2f03908edadddc55a61e4cfb4d76751a342f61aad564971df37a6b90c7b2a26f crypto/core_namemap.c a7f86c1495a140e5dc2acb737c5ff835691ead833842e0a37bbfc2116530b246 crypto/cpuid.c a6732e22ccb49cf51fc9dbf23f6059774b70ecc3d7e848c5df112a2d3c179027 crypto/cryptlib.c 
@@ -129,21 +132,21 @@ eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb 61926e30dd940616e80936d1c94c5f522daf0d475fb3a40a9e589e78f322901e crypto/des/set_key.c 8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h a54b1b60cf48ca89dfb3f71d299794dd6c2e462c576b0fe583d1448f819c80ea crypto/dh/dh_backend.c -d2d0569bea2598bd405f23b60e5283a6ce353f1145a25ff8f28cf15711743156 crypto/dh/dh_check.c +24cf9462da6632c52b726041271f8a43dfb3f74414abe460d9cc9c7fd2fd2d7d crypto/dh/dh_check.c c117ac4fd24369c7813ac9dc9685640700a82bb32b0f7e038e85afd6c8db75c7 crypto/dh/dh_gen.c 6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c a539a8930035fee3b723d74a1d13e931ff69a2b523c83d4a2d0d9db6c78ba902 crypto/dh/dh_kdf.c -dbb82807f63ef2d9b3cc7b18165091b7c1b90f01b53e03090e4327edcac82001 crypto/dh/dh_key.c -518edbe8171bd80102869826640abdab5430c47c4cb3f2ad4dfb7c4118833721 crypto/dh/dh_lib.c +af27b02f3fc5c176bc9f61bc9a67475c5a2a81bce4999f2676311a96059b8dbd crypto/dh/dh_key.c +7eae94965827bc5b0178269e85c77d6671c85255dc1f05e90b0f14500c765cce crypto/dh/dh_lib.c 8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c -b9c5992089203123c3fae46e39bb4d05e19854087bca7a30ad1f82a3505deec7 crypto/dsa/dsa_check.c +786d6c65ced7ee4e25f5dd7c3150259ec95b6aa321a7590d905757b8139f8230 crypto/dsa/dsa_check.c ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c 9978d27e9fc8ff152830ebb781f71338e56a5e116f29c1c2d59a5a112d86362a crypto/dsa/dsa_key.c -e67efe8c8e93681ba18e9f9cacf2ca71c36455ffe983df366b585dd453668038 crypto/dsa/dsa_lib.c +7d44106570c0ff9a44de874ea2daeaa87ea4c814fef6af0a26f655120a54f529 crypto/dsa/dsa_lib.c f261f9d4f83ecc51ab58de89083e9af4ba4a4c922ccd06b0d628f4b60fc104ec crypto/dsa/dsa_local.h -f44f24a3f41c58067d49a80f15f314583522d86bcd741b4dd88b78582df3f748 
crypto/dsa/dsa_ossl.c -9776be9ac89d4ea1ed33c2055166a12bff474bc6669660b24da61a63a137cc1b crypto/dsa/dsa_sign.c +d270b56fd894090319c9491ef745c34bc43add82daecf742916c64a4e956c765 crypto/dsa/dsa_ossl.c +3a38575de4b1409653f330f241848e6c7b554dec44c2415a5ae1baf90fb47ac0 crypto/dsa/dsa_sign.c 53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c 62fbc4465a5b37dc794bee277dd216d77917e715c2bb5d37a7e1735e80ad0f8d crypto/ec/asm/ecp_nistp384-ppc64.pl d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a crypto/ec/asm/ecp_nistp521-ppc64.pl 
@@ -153,14 +156,13 @@ d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a crypto/ec/asm/ cfe7e75a2fddc87a7251684469a8808b9da82b2f5725eafad5806920f89932bd crypto/ec/asm/ecp_nistz256-sparcv9.pl 922725c4761cfa567af6ed9ecab04f2c7729ae2595f2fc0fa46dc67879dc87b0 crypto/ec/asm/ecp_nistz256-x86.pl ac327475c7ec828d11aa05628b4e3b81ec3b1400f30fe7bec01daf3cf71f2dc9 crypto/ec/asm/ecp_nistz256-x86_64.pl -fc1eff2296d843eec4487321daec0cfb733bbb3ba91d34e75cbefabdad5705c7 crypto/ec/asm/ecp_sm2p256-armv8.pl cc727533130f5f1a29229929b3d4e8454585d647be25d6344f3c6a0240998368 crypto/ec/asm/x25519-ppc64.pl ee897e230964511baa0d1bf95fb938312407a40a88ebe01476879c2763e5f732 crypto/ec/asm/x25519-x86_64.pl 5fe1cfb5bb13a1aa838453101f5a9783cd6cdd0c5f904d5372a74750ac43c302 crypto/ec/curve25519.c 5daf9f524cd63dd95a2136535b27f2b3d90966562ea5766f4b2d1cd4fccf2502 crypto/ec/curve448/arch_32/f_impl32.c 063dac1e4a9573c47532123e9e03e3532a7473cc3e146521ba9ec6f486ddf3b1 crypto/ec/curve448/arch_64/arch_intrinsics.h 43423b7ee85a5c740c1d81499ee06f4a17732c7731a598e7429d5e402ee77cf4 crypto/ec/curve448/arch_64/f_impl.h -c3146bb6777776d39b89647e3dd3e8afc3d19338c75ff294d6986289cef59c40 crypto/ec/curve448/arch_64/f_impl64.c +75c8103fddef2b6a1b43245e7b4fa2fc8507aacc61dd8916d1a28e1c28c86623 crypto/ec/curve448/arch_64/f_impl64.c cba11345e742cd4eedead0505f92062916ece6fa688cdbdf6466fbea12a7b16c crypto/ec/curve448/curve448.c a6c70707c520234ccd111562f012e1abf83c43b20b3b36c339ef1ea0369a9e5f crypto/ec/curve448/curve448_local.h 178fb9863c33174b633c2e7607160b1bedb506d66cc06d53382d87431441f306 crypto/ec/curve448/curve448_tables.c 
@@ -175,80 +177,83 @@ f30e13bba5a136ab9ba5225c98b9b94c2cd73fb3aef60f9dcde3cd471cfa1ca4 crypto/ec/curv ae1637d89287c9d22a34bdc0d67f6e01262a2f8dcef9b61369dba8c334f5a80d crypto/ec/ec2_oct.c 9965a95c878438eb94bb0c21876b5a971f47b91f9d22f9c93cf7209a184cd1d1 crypto/ec/ec2_smpl.c a1f22814f501780591da20de5e724895438094824fce440fd026850c46ad8149 crypto/ec/ec_asn1.c -29783240b377e98006d21b13e984545aa296b26070fd74e77f7d75c01d2616f3 crypto/ec/ec_backend.c +6cf94285497da94ec3dee99670c57a0ca088bf445be17fa8e7a340de786acc42 crypto/ec/ec_backend.c 7f19cebad4a94db291464b0d93006a87d15ccec93b94f725052a1037107a96be crypto/ec/ec_check.c c85f4885f2892dcf074451b137efe0828e486ff5ceadae1fac9b2543fa2114a1 crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c -f4b1f679ca6da3e54121109d4f40b0c46a2366ef48bbf17d8e769f8baaa35f5f crypto/ec/ec_key.c +148bac4974fb07a1a4a2e35769e900630f62c9af9b73ed205de8cd134a39c6b5 crypto/ec/ec_key.c 93f35d2e21d49bb6780d200fda8486edd4a7123956337ba535720bb547a47c4a crypto/ec/ec_kmeth.c -1829428993aa5c51c6322d7d800cb13ccd566bf1f9e38d271f618f1a2315c3c5 crypto/ec/ec_lib.c +30ff1171e526facf09f3317ecf1597df633c22aa5c98690e3cd643e77693e269 crypto/ec/ec_lib.c eb2f08624819f5d5d865b954a1123a833bc18e9024980f5701125f230e6406b1 crypto/ec/ec_local.h -7417037d376a99498b3044982d72fbe07bcd2cc5b78f73c3665e87c9202af418 crypto/ec/ec_mult.c -5ad8b7c52f91416c5e93b96e1d19f6c0ba1bb8f99d1e382ac43025e8d060a278 crypto/ec/ec_oct.c +fd70a4598ab61576535d06417b3b3e367f928e6cc0b20b690326e64076c95068 crypto/ec/ec_mult.c +7a777b96560b44bbb9965f099ebc31ee6c8057b9778e854b0f9f3b4125f8dcda crypto/ec/ec_oct.c c7fba2f2c33f67dafa23caef8c3abd12f5336274a9a07d412b83be0366969ee6 crypto/ec/ecdh_kdf.c b86a943ae62145438a7214539ceb3e0de5a30e17a6e59742c6e30991db730ab6 crypto/ec/ecdh_ossl.c -e4ac26197ee79f3eed0a08be652bd6a363349e9798f4419a982850e3ba89c8c1 crypto/ec/ecdsa_ossl.c +8515ff7e69bc5387e97de76f3663f49c4901ab942d51b36035cf3f9e9c147406 crypto/ec/ecdsa_ossl.c 
b6baa42b16e8df69a12e0ab101033100cddc808ec2682ba1574373e6ec86ae93 crypto/ec/ecdsa_sign.c f686cea8c8a3259d95c1e6142813d9da47b6d624c62f26c7e4a16d5607cddb35 crypto/ec/ecdsa_vrf.c 141cfc1459214555b623517a054a9e8d5e4065a11301237b7247be2c6f397a0a crypto/ec/ecp_mont.c 13b30f34aeeb0c98747239bfe91b5f0f14e91b2c1f11db62ebb5950c7219daa0 crypto/ec/ecp_nist.c -b19d2ffc6a21405c125e7831a9c1385acad8eea283f52c6b57ac6c8728233ccf crypto/ec/ecp_nistz256.c +32f7168d87c3bc832b92e3dedb103c2e39ec4e2c18d3a236a609f15435495f9c crypto/ec/ecp_nistz256.c 51cb98e7e9c241e33261589f0d74103238baaa850e333c61ff1da360e127518a crypto/ec/ecp_oct.c 9cf3bacc8a990f6dffe369c28f2f47b192c8d17178185acec601e3fee5b05fac crypto/ec/ecp_smpl.c -aeb2c57685fd610dd1a9d176b70b42cd8d91a252a1e54d3b90b07406d9570883 crypto/ec/ecx_backend.c +43f81968983e9a466b7dc9cffe64302418703f7a66adcbac4b7c4d8cb19c9af5 crypto/ec/ecx_backend.c 5ee19c357c318b2948ff5d9118a626a6207af2b2eade7d8536051d4a522668d3 crypto/ec/ecx_backend.h -72caa2b7d2a54165fb35fea5ec7f5f230a3e9746fa71d56cb345e809bfdaf0a0 crypto/ec/ecx_key.c +11a03679f3c51c9db09c6a713ac39eb5126eb68a2908550b7df45332a756109d crypto/ec/ecx_key.c 64d0ed4018f874f6f88f60eea7b8cc093ebd2495172132603f759445d0bf0edc crypto/evp/asymcipher.c 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c -d418a565008404e44f1b4324902cf57384dee9b1e01e897eaa072f7dcafce0cb crypto/evp/digest.c +8808a1f9caa06279e36e8e7b24fde97f64a4bc353c96248467a87b87a04fca6e crypto/evp/digest.c 838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c -3e724128a7589dd7cd354993493d6b38f95c64a5fb018c63058e0a7591623a63 crypto/evp/evp_enc.c -2531ea569aeb8805180a963373ed7eac52acc5eb45d12bda03316bb8a1a8ed47 crypto/evp/evp_fetch.c -f70344599d39e667978e939c553abd3a3dd6660541378d44e1c438f31f5d71a6 crypto/evp/evp_lib.c -33c1282761af93b4a17565dd30f8f031729ef09fc3d643b2a812f8c4ef0df570 crypto/evp/evp_local.h -cf82d0376e9550c0e5bfdddc8c1d6ebd0e9055c4ed3c70458cdf5a96ffee653c 
crypto/evp/evp_rand.c +2a24523f7aece1a4a32919fad7d2ba3beabe7b12c80c27ccd08ea642c5e0ff32 crypto/evp/evp_enc.c +7267c75b7d96f7adb85b4b18734dd5d19e59c80b1f96b2e3e4ce112af7763c5b crypto/evp/evp_fetch.c +2712a8b23eecd5e65afe53cacc7db7e31e17307f450ad6e6ebe005884109767b crypto/evp/evp_lib.c +69801f82d74205bb61ffae86dd07c1308581c3b4d7801a29ea662f8d3b4923fe crypto/evp/evp_local.h +eaaf795148c5dd99c4194d076c029c843f3aee0c37afeb0dac43a86fd931ac68 crypto/evp/evp_rand.c 2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c crypto/evp/evp_utils.c a9e940b29f3064e771eeafe9d4d0e6d1f7258cd61a57258faabdbe8121764986 crypto/evp/exchange.c 294284ad040fe4b74845f91b1903c961c757e1ef3fcc2ffa35f43f37f1655e64 crypto/evp/kdf_lib.c 9328c7ea06e0719aaff2d59c959d1b7907b9e6a337f784680e2e289e8c3e4328 crypto/evp/kdf_meth.c c67d90f42c4d2294ecd103bdb02296a13248ead4aebadc3aead0cb964e171d81 crypto/evp/kem.c -c4c8a30541a51d50872f03994829419a72d52c8207f9047fdc6fd28dfd43c057 crypto/evp/keymgmt_lib.c -43a8d931d2abceea1c009b62f93bd720fa33e261491d395ec6857462db4bef77 crypto/evp/keymgmt_meth.c +55d141a74405415ad21789abcace9557f1d1ef54cf207e99993bf0a801f4b81e crypto/evp/keymgmt_lib.c +e67ff632bc7c6881375f7d86ba777e5cc866beeb719b245447f8cee4da7a1594 crypto/evp/keymgmt_meth.c 41f2e8d9fca78dfce6116e659fdefbdeb590cee567d5f9681eb2c028c0b5c424 crypto/evp/m_sigver.c 2a1207fc3108d1aef4fc10f5d450dc344214f3cfff7a6e9688468c12846d4b64 crypto/evp/mac_lib.c 036307223518ec03a93c9e519cbad9903341bf105642b6b694a791d31a1f232c crypto/evp/mac_meth.c -91acfeae1ee4ac6ee1760a820d8ca6688087e77756e09e151e3bc17c76b12064 crypto/evp/p_lib.c +10bc9cad7a73fc0c3088863133fd0979587007661f2151cad22160e21b29c68b crypto/evp/p_lib.c 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c 759573aea2a4cc7b6f763b440e6868bfcfcb7ca94d812fa61ab24a194be2cb36 crypto/evp/pmeth_gn.c 7d9dfc974d15a2b7e2c1c6c54a594f0a14ccdfe5e2e1afe84a3a52130ac8097b crypto/evp/pmeth_lib.c 
-76d005962440945c127571ca3b3ece7c55944828b41d48c0bd1b819bd40408ab crypto/evp/signature.c +b16d40bcc50a0f1d23747d48c486ed4d34f11a72ee8110034f22252fc797af3e crypto/evp/signature.c 64f7e366e681930ba10267272b87dba223b9744a01c27ba0504a4941802a580d crypto/ex_data.c d986ec74995b05ff65a68df320ab45894ba35d7be4906f8d78ca5fca294a4e6c crypto/ffc/ffc_backend.c a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c 854378f57707e31ad02cca6eec94369f91f327288d3665713e249c12f7b13211 crypto/ffc/ffc_key_generate.c -2695c9c8ad9193a8c1ab53d5d09712d50d12c91eb8d62e8a15cbc78f327afe84 crypto/ffc/ffc_key_validate.c +4e973d956d4ec2087994de8e963be1a512da1441f22e6e7b9cd7ee536e3ff834 crypto/ffc/ffc_key_validate.c b6bc7a9c2887b459d2a4e202e3ca5d637ad169e023d7353be3d4ef6082fda96b crypto/ffc/ffc_params.c c9c635805b26d85e8c0c7720592fb04b674cde4339fcd94712a4403e8677cb41 crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c 0a4fc92e408b0562cf95c480df93a9907a318a2c92356642903a5d50ed04fd88 crypto/hmac/hmac.c 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h 0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e crypto/ia64cpuid.S -3f123f7de496711fa60c47aeaef96640571dbcb1657b23901307e04c3d712579 crypto/initthread.c -ee895c071ffb217e0f223d5546ae84cadde6701af67e718e9af7f06af531fa42 crypto/lhash/lhash.c -5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h -a4f8f200ca749db91da97735c107836dfb2b623424b15c020ec6e48d874f4564 crypto/loongarch64cpuid.pl +c685813be6ad35b0861ba888670ef54aa2b399d003472698e39426de6e52db59 crypto/initthread.c +8727fbbb867fca990238ba37c17ae67e4b78a02769913425925ee841af5c0b07 crypto/lhash/lhash.c +22261096a117533e78012f5f18586b6a81edb3e09ae8b206b5eb9a0a5c054adc crypto/lhash/lhash_local.h +6bd06fa046a739d7b6e95ad915a9ff6b8b4952e3215dd0fb454f0463709cc053 crypto/loongarch64cpuid.pl 
460a7af09cde89a820b091522ada1310cfcec99c60aee505f94c48c35e9a29e8 crypto/loongarchcap.c f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c 36e24eae5d38cc9666ae40e4e8a2dc12328e1159fea68447cb19dab174d25adf crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl 580b90b1a2b4324afbe680c3ff59d58d0eff0b59511e5cf56fb119d2634c9a3b crypto/modes/asm/aes-gcm-armv8_64.pl -4fc1e83482ecc5c6cd01f1e1ccb7b84aa39993f1445e529062b7d4041a7eb190 crypto/modes/asm/aes-gcm-avx512.pl +4872c6bc2988f5307b4d8ce7ed87c98e7fb7e03503fe7144bc590ee234eb60f7 crypto/modes/asm/aes-gcm-avx512.pl 400a202abf66c6a3430965c38f7164ac297c856e8585862f59e3ff188bb35a6b crypto/modes/asm/aes-gcm-ppc.pl +dd0de5ca8913a941cfff781a42fba43227e133976a24d0fddebf63909f7e010a crypto/modes/asm/aes-gcm-riscv64-zvkb-zvkg-zvkned.pl 1d686af304f94743038f916125effcb51790c025f3165d8d37b526bbeee781f0 crypto/modes/asm/aesni-gcm-x86_64.pl c2e874a8deb418b5d8c935b2e256370566a5150e040c9fa008cdb5b463c26904 crypto/modes/asm/ghash-alpha.pl 6bc7d63569c73d7020ede481f2de05221ac92403c7cc11e7263ada7644f6aa9b crypto/modes/asm/ghash-armv4.pl 097975df63370de7ebea012d17de14fc1f361fb83acf03b432a99ae7d5bceb24 crypto/modes/asm/ghash-c64xplus.pl fdde3bc48b37790c6e0006014da71e7a831bbb4fdbfcda2d01dbe0ceb0ba88fa crypto/modes/asm/ghash-ia64.pl e472d73d06933667a51a0af973479993eed333c71b43af03095450acb36dbeb4 crypto/modes/asm/ghash-parisc.pl +e6d6ce559210aee1e97f098683e290c221cc90f6f4f8047b331e8071a8387559 crypto/modes/asm/ghash-riscv64-zvkb-zvbc.pl +4c960949a5b7688f9019e177c24382dd1e78f6d343f3c4326bebbc065eb3a9f2 crypto/modes/asm/ghash-riscv64-zvkg.pl 494b4b36fd7c7d0e464be76f723c46ae7ad173593ff0556525edfdc974e66c32 crypto/modes/asm/ghash-riscv64.pl 92071f9c046f312c4eb7df483f385bc71ade863392e1acf3e821912bcc5cfaa7 crypto/modes/asm/ghash-s390x.pl 6af1a05981e1d41e4dea51e58938360e3abc4a4f58e179908242466d032b1a8a crypto/modes/asm/ghash-sparcv9.pl 
@@ -260,70 +265,71 @@ a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/a 1611e73dc1e01b5c2201f51756a7405b7673aa0bb872e2957d1ec80c3530486f crypto/modes/ccm128.c d8c2f256532a4b94db6d03aea5cb609cccc938069f644b2fc77c5015648d148d crypto/modes/cfb128.c af1c034152d82b29cb7c938c8516cfd136b62bac0908c1d40eb50790d23b288c crypto/modes/ctr128.c -7a7d80a718f353a00d3314074abb09040c6bc13ebed2ddf552b163cac14d9f1e crypto/modes/gcm128.c +d4ddb087eb4dd54b8e37a414e32d8a2d4e42a7cf2766fc2051e4e31acdf3419c crypto/modes/gcm128.c bdf25257b15eca206be4d950d2dd807ca5f058f91f54edbd7a0d312ed83eef8e crypto/modes/ofb128.c e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/wrap128.c 608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c fb874ea18e9754dde11ef1c2993818074ff7cd8a74a981598745f7e11317bb91 crypto/modes/xts128gb.c -f89e6864ebbff6321e360a6543d45b5f30773a86217ef37c7dfc146b7aa49d4b crypto/o_str.c +28f3e418a5b64dc1e2860019155d7a1f275e78eae330b5ca7d909e860d63bac8 crypto/o_str.c b0decda3aae1d3e07cf3cbe9153cdde9deafe65fae346cd208951b4d7dec512e crypto/packet.c -fb60966da0d636a59921c7eeadebedb79caa9667eb1622330ab7e1f31a8d24eb crypto/param_build.c -fa2062acdb901c9b15904b5c8f805247bba8b0eaa935c35fdfbe8d53ff463a7a crypto/param_build_set.c -a267f41a7dead2b1f7ea35ad7d2d04db50cb75d0fb20fbc2fa72ba7ea4dc34a0 crypto/params.c +05563d44cb345e7859093296f95a3ea5139fcc316e98fcb86c6748ee49363a84 crypto/param_build.c +cae7bd4973d36edbdc3bdd8d2c8d157f2c4fcfae00fdf821b67aebb789bc8aa6 crypto/param_build_set.c +f6c684b42fd1fade17c46599068a43701fe447c60d789908b3af3519c4fcf084 crypto/params.c bb7b79b5a070050f5e7dfc66b5635f0891bc278e3e24eec3583b769b33bef657 crypto/params_dup.c -b2bd2b5cf3de2fe130223470da22fe4c1b08e75f0c10fcb7d0c089c9f9851f78 crypto/params_from_text.c -9e9b831ae8f2f2ef75b29152a0b65bc157f4717f928d23a403fa49e11432daf8 crypto/params_idx.c +da23f7014a60e3e37640b9128d57d8350b17fa8cde77b6f14d0d4ca0dee2b437 
crypto/params_from_text.c +e3cc1fcbf42ed19a38fb0f84cb41795c94438768f36fda6f371d1f17d7b45740 crypto/params_idx.c c27b8c1659274be74e2d6e9fd76980df499d1331c0c2d51f41b3ad547ba88d59 crypto/ppccap.c 46fa4994a6234a98a2845d9337475913f6bc229f1928abc82224de7edf2784b8 crypto/ppccpuid.pl 467c416422ecf61e3b713c5eb259fdbcb4aa73ae8dee61804d0b85cfd3fff4f7 crypto/property/defn_cache.c -289f8d0569123201d700934663fabf7215079731a4ea2f5db7944a6cb80d9868 crypto/property/property.c +d48ce9b38720b4d0b118b83322c3344afd11a5ce6b31adf59c6584b5e02e3f6a crypto/property/property.c 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h -988e14f794b50729aa9e809e1160d7c52cc77bc891df037ac19cefa946df20cc crypto/property/property_parse.c +0a84d66734df7515a6de2b8da744a398f11b977f8479076090e67357fa0eb51d crypto/property/property_parse.c a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c 20e69b9d594dfc443075eddbb0e6bcc0ed36ca51993cd50cc5a4f86eb31127f8 crypto/property/property_string.c -bf5e9f8e49672afc09f4130ba300844d4412f9e3467985f693da70e34f1a4f3a crypto/provider_core.c +5844196864db30e773fe555a679435614f5d6a6d22442c54fa10dea4c87628bd crypto/provider_core.c d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c -d2851ce0930b36e6f1fbc593a756d9a7c8097eb6b0ace163cecd917c8e9637dd crypto/rand/rand_lib.c +545387e63b5faac5488746100ba4a60a9d9e93e255de1cd7ea5cb99b9a3a142f crypto/rand/rand_lib.c fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h -f67fcf8351b046a00cf1baea29aefab3b4fc9521e0ba508abdd1a9ca44de40c3 crypto/riscv32cpuid.pl -c0ff6a8ca7f52f759a945c4d475d00168b12386324e8177f301127b405ca793e crypto/riscv64cpuid.pl -a0870a2d4189788a4500227e7142f2fd9805357ecf083699273ef94b1f455ae3 crypto/riscvcap.c 
+426ba915ca65a770f8264129f8ac47db7aaf06c6ae51517c5d775eacdf91b9f6 crypto/rcu_internal.h +48f6a98e3d7e9ae79f2d2b8ea9965d0c4ec3b1a4473adbceb47fe1e7930dc3c1 crypto/riscv32cpuid.pl +f6c5a1440de995a115dbba5f732b294e2e6d94aa520687afd1e776af1ba48cf8 crypto/riscv64cpuid.pl +cf76d532c162fd3e98b9b338aac11788b6b1495c058a981a8b469b85528dcee5 crypto/riscvcap.c f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c -7d1f68c382438f49fc690cf3c8850277c024b708f1dfc772d22188250412d0ef crypto/rsa/rsa_backend.c +4409152474e1093be4d9c7685972d7ebe8c61ffdff11b78de47bd9889741daf8 crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e762c599b17d5c89f4b1c9eb7d0ca1f04a95d815c86a3e72c30b231ce57fb199 crypto/rsa/rsa_crpt.c -e995da1c2e5007bd7f5907f369fe45ed15f4e657143a85078c755bd5e6863d0b crypto/rsa/rsa_gen.c -b8e4d0aca3bcf9290163a5ef19a8de92552ab70ce4fe28cf2a4ee04211289f6f crypto/rsa/rsa_lib.c -a65e85be5269d8cb88e86b3413c978fa8994419a671092cbf104ff1a08fda23b crypto/rsa/rsa_local.h +1b6109a48d2915310efba016cd7f7fdf40c88f61717e938e71fe41adc270ba46 crypto/rsa/rsa_gen.c +c3810c1b79b899e70e29179473d6d2fef0d02678035e720802269180560a4d7a crypto/rsa/rsa_lib.c +5ae8edaf654645996385fbd420ef73030762fc146bf41deb5294d6d83e257a16 crypto/rsa/rsa_local.h cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c 5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c -d0538475c5ebd2b2c585dc33fdcfb9a7a2f59f623b7ab0f8a09344a439082dfc crypto/rsa/rsa_oaep.c +59fca779f9a9d68d40582654ab264000ef1abaf2fbad96424448f8c22db0f2e0 crypto/rsa/rsa_oaep.c 6adc9202558e531f4d78c75920882e916be27395dca386044a91adae5b331c64 crypto/rsa/rsa_ossl.c 54446a41065d85d22ed521285196bf285427a071d32d00d070b2248723c2a914 crypto/rsa/rsa_pk1.c cdf66a4964152e16b7da5b6631f31bd2d90bf730b5a46c2622d5279abdecabe1 crypto/rsa/rsa_pss.c 
bf6d300b7e7e9e512a47c5bd1f8713806ae3033a140d83dfae4a16ad58d11170 crypto/rsa/rsa_schemes.c 58db0509f34d970a2f206d468f718c17513970315d5d5ec92822fe6f4b6523fa crypto/rsa/rsa_sign.c -740c022caff3b2487c5838b581cdddcc7de2ceabb504aad72dc0dd70a67bf7cf crypto/rsa/rsa_sp800_56b_check.c -8eee673d98a640e30a245556ea046080d4272d20832f0c29157ec9a23cc43d3a crypto/rsa/rsa_sp800_56b_gen.c +83529424639f77832d2c189c0134ce514b35a296567ac1a2936a9c4ed6407239 crypto/rsa/rsa_sp800_56b_check.c +74cdef59c442939d53cde124d43a7f170d7934e4db621f899fbea66d051508f1 crypto/rsa/rsa_sp800_56b_gen.c 1c1c2aeeb18bf1d69e8f134315b7e50d8f43d30eb1aa5bf42983eec9136a2fdc crypto/rsa/rsa_x931.c -4bf7f5cbbf7bf0e6c904b8c4988d077842cdd6aed0ad184cbfa4d4b3bfee79af crypto/s390xcap.c +0cfca169d8071429d969d5beccd2b93f824202b4371f29344feb3e06800e3c77 crypto/s390xcap.c 22205848cfb55116ebf999dced8331b575886a609ce29e6886e6267b2310c337 crypto/s390xcpuid.pl 465f850c3d6f2e9410f2e1ee9604b1b5b80f99bae1f6c581161c2f7ebc2c6e41 crypto/self_test_core.c -05c533fde7fdba0c76103e97d881b7224c8427451b453e2f6413552996063e31 crypto/sha/asm/keccak1600-armv4.pl -e32c7d698a6f156544aa42443e359af67076097471d9a171177afc668e9ebc74 crypto/sha/asm/keccak1600-armv8.pl +8f31ece930473524b73fe7729a71cf925e8083ae8883c179d710c45ce748952a crypto/sha/asm/keccak1600-armv4.pl +5ba5c563815d9b3e90d2853bef0dab30d2ac12d24f4bb0c4a6c09f8d96fb0820 crypto/sha/asm/keccak1600-armv8.pl 12b7acce2fba0bc0e1ca07842ec84be6a022f141c86e077abb42c864af1d8d9c crypto/sha/asm/keccak1600-avx2.pl faf0cccb685d5abc807e08db194f847c67b940da2fc3c235c210dc31d73a5334 crypto/sha/asm/keccak1600-avx512.pl be1e7dd9998e3f31cfa6e1b17bc198aeec584a8b76820e38f71d51b05f8a9f2a crypto/sha/asm/keccak1600-avx512vl.pl 33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034 crypto/sha/asm/keccak1600-c64x.pl 09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a crypto/sha/asm/keccak1600-mmx.pl -bd0157f1a5741e0d23f3d84a8dad5a939f8d3c6182573ba2446187dd0d195233 
crypto/sha/asm/keccak1600-ppc64.pl -a859fc8cb073b2d0012a93f3155a75fb6eb677441462b0de4f8cf8df1445e970 crypto/sha/asm/keccak1600-s390x.pl -618dcd4891b4064d3b8aa6dcd74bea7ef55f4962a64957b05a05448f6e3e0f17 crypto/sha/asm/keccak1600-x86_64.pl +6689c3adaa270bd88026ca686ce76b8aaa83a7cadf3954d84d3cf89c044cc958 crypto/sha/asm/keccak1600-ppc64.pl +fea3ce181c7a33bc673e3a4607e0f737a3a3e5958a3826596fb911b1297e2ca4 crypto/sha/asm/keccak1600-s390x.pl +0891adaa8ae2271217eb32a3d8e76b952ab6b348d587dc5be6be1591ac8d8811 crypto/sha/asm/keccak1600-x86_64.pl 831b8b02ab25d78ba6300ce960d96c13439bfba5844e13061e19c4e25cbacc3d crypto/sha/asm/keccak1600p8-ppc.pl 75d832db9bf0e98e7a5c522169060a6dd276c5118cfb297fc3f1111f55cd4007 crypto/sha/asm/sha1-586.pl c96e87d4f5311cd73bbdf499acc03418588be12426d878e157dd67e0099e0219 crypto/sha/asm/sha1-alpha.pl -ab1b54d71393dabba340438f5e2a34517d5d7de6030a67d71fcad744b3b7c036 crypto/sha/asm/sha1-armv4-large.pl +695ef6f8041f37f4b39cb7099e9c7c3a29d6f823823df7333530d375f5f5e01b crypto/sha/asm/sha1-armv4-large.pl 3ca053a2a27550b6076d2f12579899b027b2eadc0f30bef867c3eeae03e5e8bf crypto/sha/asm/sha1-armv8.pl 11d332b4e058e9fa418d6633316d2e9f9bf520a08b2d933e877bdf38b2edefcf crypto/sha/asm/sha1-c64xplus.pl 32ff0e701a7b8f25bcfe8477b20795de54f536527bd87d3ce694fd9aaae356d4 crypto/sha/asm/sha1-ia64.pl 
@@ -337,31 +343,33 @@ b5ffd7b6dbb04c05de7efa2945adb67ea845e7e61a3bf163a532f7b6acdf4267 crypto/sha/asm 74d197cdd72400cabbff7e173f72c8976723081508b095dc995e8cd1abf3daa6 crypto/sha/asm/sha1-thumb.pl a59a86293e28f5600609dc8af2b39c5285580ae8636520990b000eeeb67bb889 crypto/sha/asm/sha1-x86_64.pl c099059ef107f548ea2c2bab64a4eb8c277070ce6d74c4d32bb9808dc19c5fa3 crypto/sha/asm/sha256-586.pl -b320fa75cf2dda0e7081071aeb46452040ec3946ac7272ed5659b3d72f84b804 crypto/sha/asm/sha256-armv4.pl +0f01f7b5b0699f1e8ca260439d009febfa5b85b9e7b0933d236467e383aaaa2e crypto/sha/asm/sha256-armv4.pl 93ddc97651ee3e779144a3c6b3e46a1bc4aa81e75cd7b9df068a2aef8743d25f crypto/sha/asm/sha256-c64xplus.pl 8be5c5d69733ecb16774aa8410b4bcb3623a9f060d2be103d8aa67bf6e4c5843 crypto/sha/asm/sha256-mb-x86_64.pl +b14670492f24cd0d2fedf8780e981b7da123203395c085334d4571b619b0a610 crypto/sha/asm/sha256-riscv64-zvkb-zvknha_or_zvknhb.pl dd82e1311703abb019975fc7b61fb87d67e1ed916dddd065aced051e851114b9 crypto/sha/asm/sha512-586.pl -a1140ec67c33909c13b2eba62fd465c2043d83d86721add4da29ce55b8fcc0d6 crypto/sha/asm/sha512-armv4.pl +16e68ac669860c5bf8e4db81cd3d64fc2c22168e129c2597e94b0f56fafcdfa8 crypto/sha/asm/sha512-armv4.pl e840aeed694a04153364585989f09a791422c95260cfe5b89c3f8c57e0916a1c crypto/sha/asm/sha512-armv8.pl 6f548a088feae3b6faa179653ba449df9d3f5cda1e0561e5b5f120b32274d1eb crypto/sha/asm/sha512-c64xplus.pl 9fa54fbc34fd881f4b344374b9b4f8fb15b641424be7af9a31c71af89ae5d577 crypto/sha/asm/sha512-ia64.pl fb06844e7c3b014a58dccc8ec6020c71843cfdc5be08288bc7d204f0a840c474 crypto/sha/asm/sha512-mips.pl 11548f06d213947104a80898e000218ec0d6ff3f6913f6582de498476482ce9f crypto/sha/asm/sha512-parisc.pl 7c0c490ce6bb11a228853aecad5e164ce84e5bdabb8a6658ae7184782076c7d3 crypto/sha/asm/sha512-ppc.pl +07804b96dda856cffaef291641c4ae7f59288ed1e65e38823cfdcb74f8ac5295 crypto/sha/asm/sha512-riscv64-zvkb-zvknhb.pl 38e0455fd6a2b93a7a5385379ca92bc6526585ca1eb4af365fac4c78f7285c72 crypto/sha/asm/sha512-s390x.pl 
0611845c52091b0208dd41f22ddef9dd1e68d3d92fa4c4360738b840a6314de6 crypto/sha/asm/sha512-sparcv9.pl f64d16c1e5c3fa4a7969de494a8372127502171a517c14be7a1e3a43a7308699 crypto/sha/asm/sha512-x86_64.pl 8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl -83d52563e8b85ebf9e3448392c0b535a8564b7aaafc595e7a6653035a4511155 crypto/sha/keccak1600.c +c3b9d4507b8e1ce8376f1423a7908333ef23007f646f506036387ac0b792df6d crypto/sha/keccak1600.c 306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c -af4756bfeeabca490834f51e45e3fd726b5bbb35bb682b73d857a8c2e080c64f crypto/sha/sha256.c -3d972a11be18bfbfcd45790028635d63548bfe0a2e45d2fc56b6051b759d22f0 crypto/sha/sha3.c -dc89d6740cfb58729e3276e03d290ae8319c6b081bfeaf21a0aa15ffb9839e17 crypto/sha/sha512.c +65ca7d67f3e3fc0314ccb179b734530bf1cdbde3d3cf428adc4c402f52e4b394 crypto/sha/sha256.c +6999a480671f1b4c9dd1a802a231815673d30e7a4e0e2de14ef45e896818c9a5 crypto/sha/sha3.c +aef204d50f96b636576d8a52f8858fb5a4b2eb14bb60ebc14eb533df7a210e33 crypto/sha/sha512.c 6c6f0e6069ac98e407a5810b84deace2d1396d252c584703bcd154d1a015c3ea crypto/sha/sha_local.h 9ef5a01caccc2eb15f72e367d0424737040ac8018479bbbbce3d216c655765c2 crypto/sparccpuid.S 5056b14a55665ffa342a9a1bb32c1c36886add5d0819869193427f33cee028f7 crypto/sparcv9cap.c c50c584c55e56347bb43aca4b796b5344d70daece3061f586b79c871c21f5d1a crypto/sparse_array.c -cd677fd62171621d5e6b142df164aa847149ef4a01f6e3cea4516dcb137824e7 crypto/stack/stack.c +00f5a33a4c0fbba02685519d0fb3de75680619384f8fac30b43b9109ca0e5fec crypto/stack/stack.c c0c4fd0f112465c6766072e25268c2f9019430e2c08c3c0a4271603d24d79f04 crypto/thread/api.c e298c753be277ad9a2ac0132d9897cb4c85607dbb2d11cfefd0c98e0f6a723d9 crypto/thread/arch.c 5c02ff77d290ca0deb19672c1ed6fc0f47a0d630f61398a204a2684a7d418f0a crypto/thread/arch/thread_none.c 
@@ -369,16 +377,16 @@ e298c753be277ad9a2ac0132d9897cb4c85607dbb2d11cfefd0c98e0f6a723d9 crypto/thread/ a00e16963e1e2a0126c6a8e62da8a14f98de9736027654c925925dadd0ca3cc1 crypto/thread/arch/thread_win.c 27ec0090f4243c96e4fbe1babfd4320c2a16615ffa368275433217d50a1ef76c crypto/thread/internal.c 67ba8d87fbbb7c9a9e438018e7ecfd1cedd4d00224be05755580d044f5f1317a crypto/threads_lib.c -5128f6ff98a37b6f9266c6b776020a62e536d8e9e05212c600f42150f32d3d23 crypto/threads_none.c -e29e0fc64feaa71c68da6e5f2fa8a00853f9b2d6a8b516eb474bde51e23065f6 crypto/threads_pthread.c -88b1a6c282ea8e6d3eff5c0808894b49e4b4883847ed45ed448e99249dacf499 crypto/threads_win.c +245ebf04d6814f020b2cf0922e1083704d736d4788998e2d17b0e26a8098a7bf crypto/threads_none.c +a24f71b40cc64a0f714c09169bad3eeda078ff7fd996b2a23ea37c412800361e crypto/threads_pthread.c +769bf599076f8c0a8432e2bbe269a1b33b998212405596eb464514181187fc4e crypto/threads_win.c 8b45f948303045d8f753858b1b892e3da13bebe1bdac500db91fbb54a0ac07da crypto/time.c fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl bbec287bb9bf35379885f8f8998b7fd9e8fc22efee9e1b299109af0f33a7ee16 crypto/x86cpuid.pl -492e7ba619c2e23a454503a7eaccf455af638484090d4671258203739666c644 include/crypto/aes_platform.h +56912aa7bfb1aba71fdb5b590a60593d604ddec007fd7820cdf176ec07d2694d include/crypto/aes_platform.h 68f6c521b1dbfacb99d75cb1ffdbcd1795d6e0157df69c6c6a7c04f85ea715ec include/crypto/asn1.h 8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h -d95af0a278bc2edef9c3e1129fc6e7b1577b1ea95249b05ef39c4a4847e9ddac include/crypto/bn.h +4f11b128f3a6a5c0a567fcc72750361fde3e8c5b8b0adea529fea9ab65c9318b include/crypto/bn.h 1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in 7a43a4898fcc8446065e6c99249bcc14e475716e8c1d40d50408c0ab179520e6 include/crypto/bn_dh.h a6957475e4c7ae80c06537c3fd3b63f2368b664da54a96befd0a6fa38de27b4a include/crypto/context.h 
@@ -390,30 +398,30 @@ daf508bb7ed5783f1c8c622f0c230e179244dd3f584e1223a19ab95930fbcb4f include/crypto 679f6e52d9becdf51fde1649478083d18fa4f5a6ece21eeb1decf70f739f49d5 include/crypto/dsa.h c7aafee54cc3ace0c563f15aa5af2cdce13e2cfc4f9a9a133952825fb7c8faf5 include/crypto/ec.h 2d8cba492193c170d1f759508556188a568cabe5960020b9a889b69838adbfa4 include/crypto/ecx.h -4c3aab5edf9ffc34908a8f74c1263f02573e2ca0ed805e1208ec389e4089867c include/crypto/evp.h +0b55a5801dd3ce5f9ea27c7bc49a4685cc574410d67a9c49e27a217257123981 include/crypto/evp.h bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto/lhash.h 906bc2316e4f4651e5db7a8273ec3bb4bcbfb55f0f484bebdae4f6d0ce033bdf include/crypto/md32_common.h 6e7762e7fb63f56d25b24f70209f4dc834c59a87f74467531ec81646f565dbe3 include/crypto/modes.h -38fdd544efa495426cc684894727cf05a0f125f5cf6e11de133d43f785d5bcce include/crypto/rand.h +920bc48a4dad3712bdcef188c0ce8e8a8304e0ce332b54843bab366fc5eab472 include/crypto/rand.h 90930fc8788d6e04e57829346e0405293ac7a678c3cef23d0692c742e9586d09 include/crypto/rand_pool.h -2f502340909e531a9a7c71451400eb68a53bf62015c17b0169b1efffb0703882 include/crypto/rsa.h +cb59783c25ffecb35aaff5548f5d97a26ad463ae491eb3932adb512626f85681 include/crypto/rsa.h 32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h 80338f3865b7c74aab343879432a6399507b834e2f55dd0e9ee7a5eeba11242a include/crypto/sha.h 7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad include/crypto/sparse_array.h 7ad02c7de77304c3b298deeb038ab2550cf8b2bce03021994477c6c43dbcf86e include/crypto/types.h 27d13538d9303b1c2f0b2ce9b6d376097ce7661354fbefbde24b7ef07206ea45 include/internal/bio.h -92c4187dc051dbab777271e6976eb10bc90197abfd9b0d6f20bc17503f54564d include/internal/common.h -92aacb3e49288f91b44f97e41933e88fe455706e1dd21a365683c2ab545db131 include/internal/constant_time.h +53ec45b4f165adf271b528fc08da0832e2f82d9e13a338cc3ad78e925147c7cc include/internal/common.h 
+8e984890c7c62cdd6356963f034831831f7167c65096cb4d23bc765d84d2c598 include/internal/constant_time.h c5bb97f654984130c8b44c09a52395bce0b22985d5dbc9c4d9377d86283f11f8 include/internal/core.h -3e4700edd79786624a6a4ea00b609290f70ad89325e220eae8a5c7fe7b0a7d99 include/internal/cryptlib.h +36e5c3ea8e285d0df80a136d26c05df0de521c017ba0e50873e3bcfdb612bd99 include/internal/cryptlib.h 9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63 include/internal/deprecated.h dc5afb955d810feb5af9f8d25cd8a92118abef320fee95c07b04f301c4e0d96c include/internal/der.h 8059e715f981fbe02b5731610ed24bb6ae617a55e90b03f4260cbb6ccd71e8de include/internal/deterministic_nonce.h fd1722d6b79520ee4ac477280d5131eb1b744c3b422fd15f5e737ef966a97c3b include/internal/dso.h f144daebef828a5bd4416466257a50f06b894e0ce0adf1601aa381f34f25a9e7 include/internal/dsoerr.h -99276e4650bfdcddac06eaa70dd2e255b30b61ebd8ef948384e28b1dd17ddb61 include/internal/e_os.h +45036710f2499cdf6b786a9dce29dfe6d2ae06ea8e3d5cb2a782f64ed85d267e include/internal/e_os.h 70d3e0d5a1bd8db58dcc57bea4d1c3ed816c735fe0e6b2f4b07073712d2dc5ef include/internal/endian.h -19b0b6356921484359c2e5e7839ffc476fe48a31fbae31595545a58c920ae224 include/internal/ffc.h +4838a68ff626825c261df6a1fd21e156e25d8365af45552f29054d7038a7db3d include/internal/ffc.h 55c4102496ed5ab16de11afe38c328a1396c3b6e2c7e44add4a38855103c19da include/internal/namemap.h b02701592960eb4608bb83b297eed90184004828c7fc03ea81568062f347623d include/internal/nelem.h 3363405b2d6afab68f7e13921385ccb648fe7f77522bd0aa5fdf2d7af0b87660 include/internal/numbers.h 
@@ -424,23 +432,24 @@ f42d4a6108a18ade3eb99682c072adf83889b6ba3fc80ee3e20929ed8d0f7137 include/intern d4ac19b28ea61f03383364cfad1e941cac44fc36787d80882c5b76ecc9d34e29 include/internal/property.h 727326afb3d33fdffdf26471e313f27892708318c0934089369e4b28267e2635 include/internal/propertyerr.h 811eff73f789e535530cf23ea6037d4da6cde53398e0e7063e60c68b8923a9b5 include/internal/provider.h -9b7d51e4bcf7375dff3ef2d815443c36f19b4a48bcf89a5805a55dfac30505f8 include/internal/refcount.h -5f48b2caa1986f85fc31d1f96621684736c27964291b3718dd35f3a15534fa99 include/internal/safe_math.h -11ee9893f7774c83fcfdee6e0ca593af3d28b779107883553facdbfdae3a68f5 include/internal/sha3.h +95d21e761402fcbf1d3bdb261e425316b07d2790dd190e4eeaa1e21e40ff9a59 include/internal/rcu.h +baf5df9b8b91cb5b821ee27348a47364c9dfc86144c9573403e9d54fa970f81f include/internal/refcount.h +a01805714966e6de536ee182d5476cb1708d019631f016f331a034cf3b2b3158 include/internal/safe_math.h +c422f38eca312a2f97a0cc91891185a14f812247dfea8abd66f68540870b0429 include/internal/sha3.h 494ab5c802716bf38032986674fb094dde927a21752fe395d82e6044d81801d1 include/internal/sizes.h abf03dc8635f2925bdc2299feabe115f8d5d6eaa450b421172ded222872386ba include/internal/ssl3_cbc.h 24f41a1985fa305833c3f58030c494d2563d15fc922cdf3eeb6a7ea8c135a880 include/internal/symhacks.h 6b186bc71a3a41681c94b5bf0a201741f15ee5e6e6a3973d5e878ea3de22e6db include/internal/thread.h -40e15986cb4821472db9b4c8a87ec93405fcb5d2b9eb91eb9bf9991ff71fda30 include/internal/thread_arch.h +8a14b0e830da8ace10e661d7b1bca301a9bf2662f0c55e07aef3ff7344142b53 include/internal/thread_arch.h 640cc6a2aae208073a7f495c08b4c5006a69e8ac1c2d9aaaafd56b0e74d5f859 include/internal/thread_once.h -cffb9780b29eb9e6ee6239ac64a9d37bb45eba4ac0c20fa6b2eec703c565b40f include/internal/time.h +300fd75e47ace860d006db0050683553417701ead2106c4b5bc6a31745099155 include/internal/time.h ef96b731db0e0998c11a297d601f5b37c02525774d532fb4f92160e9069c7dfc include/internal/tlsgroups.h 
7d97636320f6ce993ff6ff15741b90323a32fbeea4960fa64be2eb147063a149 include/internal/tsan_assist.h 2b38fb6e65d549aca3b2c76907daf67124f395251c0261dec26faa54da8d6d73 include/openssl/aes.h 47fd81a330f042baf3675f4154c6276ab7a8cf76efaf01288abe41f119ec5588 include/openssl/asn1.h.in -d4733dcd490b3a2554eaf859d1ea964fe76f7d24f78e42be1094bdad6dee7429 include/openssl/asn1err.h +8bc93f8b980835aff9b8e788c3cd6654a8fc5f1405d3934b968118c4b56c282a include/openssl/asn1err.h 1550474ee05423896ec4abfb6346f1bc44c7be22329efac9ea25de10e81d549c include/openssl/asn1t.h.in -5610c3cb39f1c6d6dc071836b4b92f686f1c5931bfc11de0ba9a9bcd0bdc995b include/openssl/bio.h.in +09062292a6f354d183ce13ea5905d82a2411e61cb127bc477b4b54f724fbcdad include/openssl/bio.h.in fe5ab4bc904b7c77e5411c4b7dda6d29595eb60a87f00e30ab32f48391f98b44 include/openssl/bioerr.h 9caa80699882befcce556446a45e5ffde5aa938aa2aae0e8ecd46c9c6a3fe419 include/openssl/bn.h 9ad8b04764797f5138f01f549ba18b44cf698ffc7fe795fef42c1822d84a6ff4 include/openssl/bnerr.h 
@@ -448,11 +457,11 @@ fe5ab4bc904b7c77e5411c4b7dda6d29595eb60a87f00e30ab32f48391f98b44 include/openss 9d48e6cab2ee98ae94d7113e4c65f000d97e125fdb3445642865ace3f34d06ac include/openssl/buffererr.h 8e772c24b051e59d2f65339f54584e3e44165a3eaf997d497faea764990130f5 include/openssl/cmac.h 1342636127f3d365ac538115e706ea1aea43ab8fa79e86756e818b30a72789c7 include/openssl/conf.h.in -f20c3c845129a129f5e0b1dae970d86a5c96ab49f2e3f6f364734521e9e1abe3 include/openssl/conferr.h +bb45de4eafdd89c14096e9af9b0aee12b09adcee43b9313a3a373294dec99142 include/openssl/conferr.h 69d98c5230b1c2a1b70c3e6b244fcfd8460a80ebf548542ea43bb1a57fe6cf57 include/openssl/configuration.h.in 6b3810dac6c9d6f5ee36a10ad6d895a5e4553afdfb9641ce9b7dc5db7eef30b7 include/openssl/conftypes.h 28c6f0ede39c821dcf4abeeb4e41972038ebb3e3c9d0a43ffdf28edb559470e1 include/openssl/core.h -6876672a5dc96fbf25162b48615ea8f827f3ac3e7982bd09b0d0a7a2dd74cfc0 include/openssl/core_dispatch.h +b40a869b35c4ee64bb167b673c8cf435ece3612439f4c4424bea74afa1326922 include/openssl/core_dispatch.h 8b4027cf19ce2a7cbad506cde61552123818b6eae62d5fbdae34e9f68660e6f8 include/openssl/core_names.h.in 371413ef13841f1245a225c8ec1cec463629c42bfc33254f979d2a8672112f9a include/openssl/crypto.h.in 2f9570c2514b4d1b2a86fbdf30ced879e5c52e62f1d3691cb3da37ce4f6a98dd include/openssl/cryptoerr.h 
@@ -461,26 +470,26 @@ bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openss 503b45367b035ddf6e54587125c2100ceec324d646e6f3df92c12513185e977c include/openssl/decodererr.h fa3e6b6c2e6222424b9cd7005e3c5499a2334c831cd5d6a29256ce945be8cb1d include/openssl/des.h 0837b1ec7074b37d2e1d5ac46d6003c3fc4f1ff10f2e44c64b5709b0bacec4e8 include/openssl/dh.h -8db02ada121100704950b2199c8129daf7562b9ad2812121e20fcf50d7ba7c3d include/openssl/dherr.h +b74a54335bb2f55caacd5c3fd10db3575166fc35077dc5740059243f70e0b179 include/openssl/dherr.h 3cfb7211419c5dcc98b9a20713e2245befa0182a10615edb89a5ce0a0725a787 include/openssl/dsa.h 276d1f6e111ba933bc708e6a0670047cbe0d0b67aabe31807abbbc231de4d8cf include/openssl/dsaerr.h -46921241755eec0c0fe1a0a5b32c51ac7a3ecd33b9aa05a7489ad4f67d5454be include/openssl/e_os2.h +9dd6f71572098501790b79959f5215ad4458c3e88fd4fd1b1cd00e0788306de7 include/openssl/e_os2.h bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openssl/ebcdic.h 49e8a9d226d543ac482cecdc01c83b7ccdfbfca6ad92d690aad75a245148e2ab include/openssl/ec.h 7aa8c5bee779af59d4733f6a50f7f6be39f1eb43409e5b3357440f9a7d0ca115 include/openssl/ecerr.h 61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h -d4d376d2251df847f8c8aaf164834787332802ff3ce0c9263be3de952cf00ea4 include/openssl/err.h.in -644cb0cb1d8a6f94395088d5f628a5771513f58708893839647894f4875f5278 include/openssl/evp.h -5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h +aa02455482d744418123266f581b9b4310ba678c7d28c10fffc5eec74ce3c8ef include/openssl/err.h.in +61a6fffa77d7482bae2096996ab48b9f399c144083b1629ba2500259f87e35fc include/openssl/evp.h +a5e2027d1154dfae857c34e846a79aa99576bcb261341ec3c2ced73ac28c2aba include/openssl/evperr.h 3085bc5a77ea3776619bf9c748632a3a23f1d8dcad5239ba0f48939f375fb0e8 include/openssl/fips_names.h 
b1d41beba560a41383f899a361b786e04f889106fb5960ec831b0af7996c9783 include/openssl/fipskey.h.in 47a088c98ad536ea99f2c6a9333e372507cb61b9bdffb930c586ed52f8f261eb include/openssl/hmac.h faab8accc9520269dd874126ae164a43526d5784e6280521c7ab3772c02b0a0c include/openssl/kdf.h -a09630e7aaf5862aa9f1dc8aaa8e9b9326606ccf3f4adf250d156d79c886da8b include/openssl/lhash.h.in -1368eab024d7d2bf9297ed08dce20ed1a57bbc6ab423b026c46d855ba870a6cb include/openssl/macros.h +625258d115ddc5117eaa2ff126e548e25fb81336abead079e6f2028f4bce4e92 include/openssl/lhash.h.in +1d0727322274c34d622a9955a5c50a6537f872f2740286068758fde24bf607b1 include/openssl/macros.h 9184207c562fd1fa7bd3a4f1fadcb984130561279818f0cdfcf3e9c55be8a7d1 include/openssl/modes.h -290ff74354553fc9746e4725bc5cfd9de59dad691fda3f3f5880cb0d767b08df include/openssl/obj_mac.h +46d7f1dfef8bce7c0edf89d8f08d63f35c998bd9de52b864d5ce3e1b661da067 include/openssl/obj_mac.h 157797b450215f973eb10be96a04e58048ab9c131ad29427e80d0e37e230ed98 include/openssl/objects.h d25537af264684dff033dd8ae62b0348f868fcfec4aa51fa8f07bcfa4bd807ad include/openssl/objectserr.h fe6acd42c3e90db31aaafc2236a7d30ebfa53c4c07ea4d8265064c7fcb951970 include/openssl/opensslconf.h 
@@ -495,7 +504,7 @@ e512ab2e492d968a9bf8b2b048f79ac5dfe11bddf3c00f2eec6e9c6ecc57d330 include/openss 2f4f0106e9b2db6636491dbe3ef81b80dbf01aefe6f73d19663423b7fcd54466 include/openssl/rsa.h 2f339ba2f22b8faa406692289a6e51fdbbb04b03f85cf3ca849835e58211ad23 include/openssl/rsaerr.h 6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in -676015d7541e7929c8ecbea648665f869d7edf50f9e7292a401b18c63a7ffe05 include/openssl/self_test.h +f2d37d316a2f80ad83117495ba68af6629a3817b2cc0dd5cdf981e116145483b include/openssl/self_test.h a435cb5d87a37c05921afb2d68f581018ec9f62fd9b3194ab651139b24f616d2 include/openssl/sha.h c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h 22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h 
@@ -533,68 +542,68 @@ e1ef8b2be828a54312d6561b37751a5b6e9d5ebdb6c3e63589728c3d8adca7dc providers/comm c2b4301a9f835c0b3776ad3afba7121d00cd7ae6387fe11c96269a37da08027c providers/common/include/prov/securitycheck.h 737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c 3f5656c405ec57a261df7af940c1512990555361f69488a28d65e16f6b865a1d providers/common/provider_err.c -101d50bfdd8a9aaf096f5d0d80b874d9c59f9c0c4433159cda96426777aae09f providers/common/provider_seeding.c +c4032b7cb033b588c6eb0585b8dfbed029d5b112a74ddd134dbcb1d78b0f9684 providers/common/provider_seeding.c 6e833d259d04cdedc007e6cda52fd706527edcf4b4432dbd88cbf45c3f7a4442 providers/common/provider_util.c 5b94312727ca33e4f5c038f4caaae8417bf584cfde22df83d91f3c55c30c81ee providers/common/securitycheck.c bc4370324c4c8791ea6de8641d255073c6745ee984e18912d535e155d9815244 providers/common/securitycheck_fips.c abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c -42cd9a91e687784eb44be472075f3ed5f6ec60a47fc1db7ef5b577949cbbee85 providers/fips/fipsprov.c +4182e53ef3923e24c497bda55a3e594c538cb53eaab7659a43e59081640b6e96 providers/fips/fipsprov.c 029fad3c27617c725e516621c2f6c3a0e1dca0fa22f4e89a1a6b9a977c8d935d providers/fips/self_test.c f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h -551631b909f8d173eafcccac782a44c8aed92bb8463bfccdb936b7f3aee2a48b providers/fips/self_test_data.inc -5b6d8dbc1365974eb9a5d417b2276d40fa7b9e733bb224200d20a61b4b025973 providers/fips/self_test_kats.c -4428a56f5d195547348c743df0c14ac9c97cd7b60ce09b76cffe5e7c9296daec providers/implementations/asymciphers/rsa_enc.c +09362a49fda902e2d29617cad7296b11b9d372fc925c6114196a1ffe3ee81b33 providers/fips/self_test_data.inc +47b5e2649e7b37178c2c6236c8503bf87fabfe2b7cc5ecee69a5ed4780decb92 providers/fips/self_test_kats.c +9088379971217bcdc3d599a5b253f5c6d1d2f420f0486e3e279c70156ba995ba providers/implementations/asymciphers/rsa_enc.c 
c2f1b12c64fc369dfc3b9bc9e76a76de7280e6429adaee55d332eb1971ad1879 providers/implementations/ciphers/cipher_aes.c -f9d4b30e7110c90064b990c07430bb79061f4436b06ccaa981b25c306cfbfaa2 providers/implementations/ciphers/cipher_aes.h +6ba7d817081cf0d87ba7bfb38cd9d70e41505480bb8bc796ef896f68d4514ea6 providers/implementations/ciphers/cipher_aes.h 20494fb9eb9f0578a3a574e0c6406108cfb28d7895a1891d57b3238420ec4f7b providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 7668e5c1cac474ad7b0f28aa78ca885edf44815fe4a606a6cd328b3c02fac25a providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h 26e0f28523b416ba4067e471061f5a11fd76f5dc8bfe57ce37a137cf5667630b providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c 6d2ab2e059ef38fad342d4c65eebd533c08a2092bb174ff3566c6604e175c5a4 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c f37c3cf9e2e6fcfcbed941f3670b790fe09990349db72eb065bef51705d46e96 providers/implementations/ciphers/cipher_aes_ccm.c 00f36bf48e522dbb5ec71df0ec13e387955fa3672e6ff90e8a412ae95c4a642f providers/implementations/ciphers/cipher_aes_ccm.h -17b9d63357824c24b48c889e27f74e8882bfce740f4c755ae5843def46abe650 providers/implementations/ciphers/cipher_aes_ccm_hw.c +4812d59ab6e1380f38e0c7cc0d7995eb6a2abf1438cedf233b939a17c4111482 providers/implementations/ciphers/cipher_aes_ccm_hw.c 302b3819ff9fdfed750185421616b248b0e1233d75b45a065490fe4762b42f55 providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc a8eaca99a71521ff8ac4ffcf08315e59220f7e0b7f505ecddad04fadd021ec14 providers/implementations/ciphers/cipher_aes_cts.inc 7e886ecc088b5903aa082eac72a4c46f9064392bdf5723a592368ecebfeb71c0 providers/implementations/ciphers/cipher_aes_gcm.c 79f5a732820d2512a7f4fc2a99ece7e6e2523a51e62561eb67a4b70d5538b0c4 providers/implementations/ciphers/cipher_aes_gcm.h -986450da9f87b3cea00880c5bb5b0908b201ba27f68942b9f8bfff393610b3bb providers/implementations/ciphers/cipher_aes_gcm_hw.c +c6f091629dadb1b0b55e45636a28c31268fea4abfd3c068917c6c94b9aab704d 
providers/implementations/ciphers/cipher_aes_gcm_hw.c be18c20e0197f25fe7b9e0268657a2271a69d216b89cb100f082fa5fcaad1e07 providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc -26b55801b80128e60fa4cd4fb2b7a81a8741fc78142b0b670b09483ada592f0d providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc -4dea01dde337e6416db6217ae4a64a0681187c38325a27bc449160f8de7580bb providers/implementations/ciphers/cipher_aes_hw.c +60c4f604cf9b5457be48f31cc24ca21729660381081b2dbf99f362a013a09684 providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc +d65415e14317e58673808b90a4dcd9aea47ae1ef2250edc1a8f1b872f0e9b1cf providers/implementations/ciphers/cipher_aes_hw.c 89de794c090192459d99d95bc4a422e7782e62192cd0fdb3bdef4128cfedee68 providers/implementations/ciphers/cipher_aes_hw_aesni.inc -5eb2b02ac65ed2c537c5be65779065077d141dd16730666a2bb00ca08b05f861 providers/implementations/ciphers/cipher_aes_ocb.c +04df57a8e45aef30006a447779f9137273181950dd422eacbb1d82245ebf0a16 providers/implementations/ciphers/cipher_aes_ocb.c 88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f providers/implementations/ciphers/cipher_aes_ocb.h -5840571376d5e32681644224ef25e70ca771357f9e8ce152eada6a15df113731 providers/implementations/ciphers/cipher_aes_ocb_hw.c +634cd29f13e5dd8ced3467504e8313b454a90371735ef42a5fe82c027b473064 providers/implementations/ciphers/cipher_aes_ocb_hw.c 110f14e06311883d5e312b37e9d87c51f809592d3092ecd8eb449ea4bc7cac38 providers/implementations/ciphers/cipher_aes_wrp.c a79fde91348c9df6bb359e5353a442800ca514a1ffcb68e5cc5f7afe7d57d5ec providers/implementations/ciphers/cipher_aes_xts.c c4a2499b214d7cf786dafaaee5c8c6963b3d5d1c27c144eec4b460f839074a3b providers/implementations/ciphers/cipher_aes_xts.h 281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c -ea3b4a90f24b2feeee3f6e34805150bb7100a5b7fe0c0e9983c6b7566cacfc56 providers/implementations/ciphers/cipher_aes_xts_hw.c 
+a4c4278d0dfae73d40e2758e4bb7d909f51a2b7cf4e980e4d33d4695ce8af44e providers/implementations/ciphers/cipher_aes_xts_hw.c 46ba8271917b53fd8fdf77aee19cc326a219c950b94e043d6d118dcac25ad7ad providers/implementations/ciphers/cipher_cts.c 57ee5e4d0af6d6006b04e60c5727b43a71ed37b67aa2410e03ec8932ad4a69e4 providers/implementations/ciphers/cipher_cts.h fcc3bb0637864252402aaa9d543209909df9a39611127f777b168bc888498dc0 providers/implementations/ciphers/cipher_tdes.c d4cd3672d769b38d5346c9b76fa3902b8bb2daee2aa5e1c1e70b75a54c2f43cd providers/implementations/ciphers/cipher_tdes.h -db10699b91e2634ac5de4f42661a15e1f718823c092301d862088bae267bc212 providers/implementations/ciphers/cipher_tdes_common.c +e5739a8201637f76f8daee987a535f1f278d6c2ad292dddd0a6a397108c65588 providers/implementations/ciphers/cipher_tdes_common.c 50645122f08ef4891cd96cace833bd550be7f5278ab785515fd61fe8993c8c25 providers/implementations/ciphers/cipher_tdes_hw.c -6bb3c24bfd872e3b4c779b29e9f962348f6ae3effeb4f243c8ea66abefe8a4fa providers/implementations/ciphers/ciphercommon.c +1f44963b1ac450cb77d75df9fbf956b04742e38d236d316c7eb8021bdf0573a4 providers/implementations/ciphers/ciphercommon.c ab9a2edb23aa61cf31da6addd8674a6028f93399eceeeee35a56ee770338fd6c providers/implementations/ciphers/ciphercommon_block.c -4b4106f85e36eb2c07acc5a3ca5ccd77b736b3ac46cc4af786cf57405ecd54b2 providers/implementations/ciphers/ciphercommon_ccm.c +8af515e63a0c16ff35dcedcc43c7b4735a10943f1e937eeeb73eb1af3dc92782 providers/implementations/ciphers/ciphercommon_ccm.c 8b6828f188c2590c7d9c6cac13fa0eb6d38a522b0f2859e7c8a766580fa9b66e providers/implementations/ciphers/ciphercommon_ccm_hw.c -90a727b88ae6cdef8b93a9e5a326f3647087d137dc21b99921a8c5a463fc4d21 providers/implementations/ciphers/ciphercommon_gcm.c +425384b22ca7b7265e163e5768da4a60773a6d88a0a96df7c990759063560cba providers/implementations/ciphers/ciphercommon_gcm.c bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b providers/implementations/ciphers/ciphercommon_gcm_hw.c 
23fd89e3239e596c325a8c5d23eb1fe157a8d23aa4d90ed2c574bf06dfabd693 providers/implementations/ciphers/ciphercommon_hw.c c4b1cb143de15acc396ce2e03fdd165defd25ebc831de9cdfacf408ea883c666 providers/implementations/ciphers/ciphercommon_local.h 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c 5f41dd1bf77bd08d287a875f9d6e5a423bf286524694ae7ee133cdd03ee763c0 providers/implementations/digests/sha2_prov.c -66a8eef0ecb12df2d38111735a7cb3257b85039c34fda6fc0e41db96e2d328cb providers/implementations/digests/sha3_prov.c +9aea6dc6275fe3d7fd62bfcb0f0482ca1d1c5ab8347c4ea1e65ed0ffc3531707 providers/implementations/digests/sha3_prov.c 4b774bf9267ebe05bf90076bc18e19a21e03ee2716bdb8fc4e6458774e9a820c providers/implementations/exchange/dh_exch.c b2d80c38dd62b46f2dd71e81a5684f54f43200d3ddbb86178081760ecc93525c providers/implementations/exchange/ecdh_exch.c 4994df237719649b086a032bd64c1cf38ceb4e67dd8ec98da20edf5bc3eadb0b providers/implementations/exchange/ecx_exch.c -2c8421ca27626472fd263172c76188b8b3eeda996dc925d052a8809543a33c11 providers/implementations/exchange/kdf_exch.c -24b784d29c46f6f7fd6d775ecef6a96bfd5faaa7a555f0aa0c97e94b74f09bc1 providers/implementations/include/prov/ciphercommon.h +b1115636f53bf70f417b183cafeb6d38e230d11d8de731e6896ba60cc850d931 providers/implementations/exchange/kdf_exch.c +1f248e220109ead708d4e1189be85299b4d11a935ad6bf2e8e6fd020e680c879 providers/implementations/include/prov/ciphercommon.h a5ea831a23c0f52a37660437f6c61f129c3f8428daf6f8cd8dd458f358c56937 providers/implementations/include/prov/ciphercommon_aead.h a07b9c86346100feef15c9abb57e48a6099bc9fa782724a2283f17910ef192fb providers/implementations/include/prov/ciphercommon_ccm.h -45e45a82a91751b27cf5160f14b6407bce3372591dc965e565d8091e46179e6b providers/implementations/include/prov/ciphercommon_gcm.h +0da2601354752c1d7085d1aee30ccc45a4066db9ec042fcd7a9da1644cac2330 providers/implementations/include/prov/ciphercommon_gcm.h 
b9a61ce951c1904d8315b1bb26c0ab0aaadb47e71d4ead5df0a891608c728c4b providers/implementations/include/prov/digestcommon.h 1baf1c06b20a0eb8ec271452544922d67c1cc168dbe9853b259191de4bd99918 providers/implementations/include/prov/ecx.h 062b49fc5cfa405fbcb184b1b48c9141db22531493bf828ba8543d24b0b72692 providers/implementations/include/prov/hmac_drbg.h 
@@ -603,39 +612,39 @@ a6879c2e107597c49efa07fae48f0554ffbea9814c31d186bf0ce9f83e1ec9d2 providers/impl 4014246d44fa3f34aad5372c75d3f7eea528f1cf1798e30d5627e7620a356631 providers/implementations/include/prov/macsignature.h 27e57358e8ad201e382b50d5760f010badd9d6253deb34e6fb93a2af35450d9a providers/implementations/include/prov/names.h b9f8781167f274ccd8b643b3bb6c4e1108fb27b2aae588518261af9415228dae providers/implementations/include/prov/seeding.h -976a18396364387b36b83d1cb723b530dce37ffc57fa066567fe730853f84444 providers/implementations/kdfs/hkdf.c -0d0c153bbb7234a98cd95fb802bed6bfc00a6002dd61a7fe77a44433a3cd9181 providers/implementations/kdfs/kbkdf.c +c2dc086f1bef78ef68b950ac1181f8c1c5053d4093d04a775f5afb78f62fcf3a providers/implementations/kdfs/hkdf.c +ba0523cf3f664568f591c888a737a8ea008652e767d2239e998fdcfc7e3b99d4 providers/implementations/kdfs/kbkdf.c 03b3dffd32a2b8f94e7d39b97f3d7b36f00cd0177ee5e7329a39aeca20ed4baf providers/implementations/kdfs/pbkdf2.c c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/implementations/kdfs/pbkdf2_fips.c c3502c75dfb8c97c907eb478be84cc9e09dc0c17ede2c739b433145abfef7202 providers/implementations/kdfs/sshkdf.c da5fa36d4fbb2816221560f5cd1c1710b59b8f948c1b9d2a37ee8e30a07b04f2 providers/implementations/kdfs/sskdf.c -7aab45293d8cb6d6a778f6d8fb243a679d98a73a26ac7c681ff280a8d5e06664 providers/implementations/kdfs/tls1_prf.c +a0ab99ee26632a98f6c5e9ad9fdfbc87d21ea80caf100727d14ccde68f1d7bad providers/implementations/kdfs/tls1_prf.c 1664cb4137073e9c0e202b82ca251e8620dbc83aa3d3d6b85de440183288ea61 providers/implementations/kdfs/x942kdf.c -bb7ad10481d496f3227897c00b2a9d516ce8e0a6627f4addeabd9c72d9cf825f providers/implementations/kem/rsa_kem.c -ae4bb64d67e22df2ea43345af50b3c205781aff9f677a7436e35c00c5c3b99ff providers/implementations/keymgmt/dh_kmgmt.c -2d229f89413d3a3c945f5862145258cadf24bfdde37b637a1bf51d683308873d 
providers/implementations/keymgmt/dsa_kmgmt.c +e695d71a366cc716221c1f033bacbc8e926c7daaa79c6dea09df3bb4f1a9a99d providers/implementations/kem/rsa_kem.c +cad07d02f629f0b1440a3137191e84a254181e283bee1f4ea011697984cb3f64 providers/implementations/keymgmt/dh_kmgmt.c +b7f3cc675889eb79bb39a2cfff56c156e189519540bde8fd043cff37eab0a883 providers/implementations/keymgmt/dsa_kmgmt.c 3964a23ac071b0d6e54ea12c382e98abe1becfd9890194d94804715002b2b5b8 providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc -02bcd47c626b65ef7eba3be418bd6c77b1949f1feb3fe99869fad33ebb6ca475 providers/implementations/keymgmt/ecx_kmgmt.c +c4fc653dc2a17fce2bcf03342c9eb80109584fd47272dc25adb683dc69cd751b providers/implementations/keymgmt/ecx_kmgmt.c daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d providers/implementations/keymgmt/kdf_legacy_kmgmt.c -91832fb65cc8ee591989fcf0f039ad04ba463008b5be9549a2b0ae6882b257ab providers/implementations/keymgmt/mac_legacy_kmgmt.c +17d6bc9f386f147765d9653639056dcb40e258239a5a9fdc4876a4f0a1d47c21 providers/implementations/keymgmt/mac_legacy_kmgmt.c 9034a66a4bae1a15e127a5eca94bcec2ecaa971b205e945fcf7fba6b6bb8e47d providers/implementations/keymgmt/rsa_kmgmt.c -7a94dfdf6c0ea272b49a52191f1aaaa74b88cc9d08efa7789c1984be22a2052f providers/implementations/macs/cmac_prov.c +f2fc18af21f11b0e0ff9895f8b438caab4808256eaa680728b5e50736cc2c4b1 providers/implementations/macs/cmac_prov.c f29f282463f5bc432129850619edc427fe1d6cc8aa107b5703b11858b48790da providers/implementations/macs/gmac_prov.c -47065d5f3460bedc344376754debec56d0e83b8cab94018db77f899c403115bd providers/implementations/macs/hmac_prov.c -145f3d5d5ebd5fb3bbe32705d7d71ff03e35b776f1c77d2f43781263ccc6a808 providers/implementations/macs/kmac_prov.c +dece97b669da85cc9d867bfb7ffc227b7f48f36e198bd44e4b32c0cfc517d7fd providers/implementations/macs/hmac_prov.c 
+16f3dc42faceb235d7c4a495b9be7e8476094482de6ff421ab514390898154fd providers/implementations/macs/kmac_prov.c 3034074f99b02db045f2ccecc8782322e876dad07a3c169bdb24168b6b1f8cbd providers/implementations/rands/crngt.c -51688b34a8ba14234cf91c318ce9f97b8a54dbb501d6f56aa53d472f877d3660 providers/implementations/rands/drbg.c -c18ec061bfb908dadebd47ee49fd4aa3fd0d320a0ed85a0f8ae841be4be787d6 providers/implementations/rands/drbg_ctr.c -52df0b9fa3d9357364a27773418aba82def6ac3a3bf027f0e14398cf4e10a247 providers/implementations/rands/drbg_hash.c -989aae213883f4d21480a09273cc21b0ca5d482f4e2ebf6e513ce8853a7c727f providers/implementations/rands/drbg_hmac.c -df266cab55613a7515fa1eed7212bd07281d1d36bffcab436d2cb01cf514dd3d providers/implementations/rands/drbg_local.h -9fd2c79b264eed85ae750a70354fa9dfdfc54e8df72df6ceff403d68772214e8 providers/implementations/rands/test_rng.c +fcf5c044bbb92de1119759ead558ada3dfdf75db4874bd3bd0db1b46cb931190 providers/implementations/rands/drbg.c +4db4ec624c473960114966ca891a690481b029ed1a0b943458d7bfe7dff3fee5 providers/implementations/rands/drbg_ctr.c +e5c6f3ce421dc0e80e3c68c908e9338d2f74dfa6a3d2ebe0662ce61a165b0fca providers/implementations/rands/drbg_hash.c +2f762a617c9abd6d9355f54b35c4fe07164f200fbf31956c03bd0849f3e90f9d providers/implementations/rands/drbg_hmac.c +3e8a26ae26aab0b8ff02a20af59e5c187403df9a12c5bb69d7492b0843dfe47c providers/implementations/rands/drbg_local.h +e5fb82137f8afea68a67c1ea2d652831207961c53f14ab33ac0d879c9d0e8448 providers/implementations/rands/test_rng.c a9aa31d091df5b8f6710dd36761dfe7d32b6da1881f8581bed85ad4e171b0969 providers/implementations/signature/dsa_sig.c -6c8b5f325c997014bd71331c9eb6c185838cd81c10c3ad74dd65289ae923d629 providers/implementations/signature/ecdsa_sig.c -d9d4bbbb0af0d1db6f586a36fd63236e4becdd52468a1e6510994e80988400aa providers/implementations/signature/eddsa_sig.c +66486eb25c13b2e1f71d754043a2ee3fcdd722a55724d74498a632a6dc9f7c2b providers/implementations/signature/ecdsa_sig.c 
+26dbd28678268ea63819c58276f435bafce3562cf6dcffacd363afe451c0235c providers/implementations/signature/eddsa_sig.c
 e0e67e402ff19b0d2eb5228d7ebd70b9477c12595ac34d6f201373d7c8a516f4 providers/implementations/signature/mac_legacy_sig.c
-638c23176fba0fbb324df2d1a52a13048b0f3aad7ddb0552f35b906cfdd7bb02 providers/implementations/signature/rsa_sig.c
+90c6ecba4a453b9af73844a25da30637f84f904bb27adc20d5cb3afb89262fa2 providers/implementations/signature/rsa_sig.c
 0b73a04f8a03106e2a0fea10978f9888158046c29c3993ca6557f5a6403d5580 ssl/record/methods/ssl3_cbc.c
 a8914c1661c53bcb0f435ec280c35c5a135e6c71296554c7322186847e194683 ssl/record/methods/tls_pad.c
diff --git a/providers/fips.checksum b/providers/fips.checksum
index 844a7f7b2b..2412b36c34 100644
--- a/providers/fips.checksum
+++ b/providers/fips.checksum
@@ -1 +1 @@
-179decb772ecd0063d75b578b699896a9b795033b891f520cc3577a2590d98b9 providers/fips-sources.checksums
+10bb4e8298d03d3c3bbf6e6f66b86eedbee8f617b5f863c68a53d859ec466ddd providers/fips-sources.checksums
diff --git a/providers/fips.module.sources b/providers/fips.module.sources
index 3ab2c245d8..14e3d0722e 100644
--- a/providers/fips.module.sources
+++ b/providers/fips.module.sources
@@ -12,6 +12,9 @@ crypto/aes/asm/aes-parisc.pl
 crypto/aes/asm/aes-ppc.pl
 crypto/aes/asm/aes-riscv32-zkn.pl
 crypto/aes/asm/aes-riscv64-zkn.pl
+crypto/aes/asm/aes-riscv64-zvbb-zvkg-zvkned.pl
+crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl
+crypto/aes/asm/aes-riscv64-zvkned.pl
 crypto/aes/asm/aes-riscv64.pl
 crypto/aes/asm/aes-s390x.pl
 crypto/aes/asm/aes-sparcv9.pl
@@ -153,7 +156,6 @@ crypto/ec/asm/ecp_nistz256-ppc64.pl
 crypto/ec/asm/ecp_nistz256-sparcv9.pl
 crypto/ec/asm/ecp_nistz256-x86.pl
 crypto/ec/asm/ecp_nistz256-x86_64.pl
-crypto/ec/asm/ecp_sm2p256-armv8.pl
 crypto/ec/asm/x25519-ppc64.pl
 crypto/ec/asm/x25519-x86_64.pl
 crypto/ec/curve25519.c
@@ -243,12 +245,15 @@ crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl
 crypto/modes/asm/aes-gcm-armv8_64.pl
 crypto/modes/asm/aes-gcm-avx512.pl
 crypto/modes/asm/aes-gcm-ppc.pl
+crypto/modes/asm/aes-gcm-riscv64-zvkb-zvkg-zvkned.pl
 crypto/modes/asm/aesni-gcm-x86_64.pl
 crypto/modes/asm/ghash-alpha.pl
 crypto/modes/asm/ghash-armv4.pl
 crypto/modes/asm/ghash-c64xplus.pl
 crypto/modes/asm/ghash-ia64.pl
 crypto/modes/asm/ghash-parisc.pl
+crypto/modes/asm/ghash-riscv64-zvkb-zvbc.pl
+crypto/modes/asm/ghash-riscv64-zvkg.pl
 crypto/modes/asm/ghash-riscv64.pl
 crypto/modes/asm/ghash-s390x.pl
 crypto/modes/asm/ghash-sparcv9.pl
@@ -286,6 +291,7 @@ crypto/provider_local.h
 crypto/provider_predefined.c
 crypto/rand/rand_lib.c
 crypto/rand/rand_local.h
+crypto/rcu_internal.h
 crypto/riscv32cpuid.pl
 crypto/riscv64cpuid.pl
 crypto/riscvcap.c
@@ -340,6 +346,7 @@ crypto/sha/asm/sha256-586.pl
 crypto/sha/asm/sha256-armv4.pl
 crypto/sha/asm/sha256-c64xplus.pl
 crypto/sha/asm/sha256-mb-x86_64.pl
+crypto/sha/asm/sha256-riscv64-zvkb-zvknha_or_zvknhb.pl
 crypto/sha/asm/sha512-586.pl
 crypto/sha/asm/sha512-armv4.pl
 crypto/sha/asm/sha512-armv8.pl
@@ -348,6 +355,7 @@ crypto/sha/asm/sha512-ia64.pl
 crypto/sha/asm/sha512-mips.pl
 crypto/sha/asm/sha512-parisc.pl
 crypto/sha/asm/sha512-ppc.pl
+crypto/sha/asm/sha512-riscv64-zvkb-zvknhb.pl
 crypto/sha/asm/sha512-s390x.pl
 crypto/sha/asm/sha512-sparcv9.pl
 crypto/sha/asm/sha512-x86_64.pl
@@ -424,6 +432,7 @@ include/internal/params.h
 include/internal/property.h
 include/internal/propertyerr.h
 include/internal/provider.h
+include/internal/rcu.h
 include/internal/refcount.h
 include/internal/safe_math.h
 include/internal/sha3.h
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 7ec409710b..86c18de28e 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -695,6 +695,8 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
         }
     }
 
+    OPENSSL_cpuid_setup();
+
     /* Create a context. */
     if ((*provctx = ossl_prov_ctx_new()) == NULL
         || (libctx = OSSL_LIB_CTX_new()) == NULL)
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index afff3ba4df..d2a4778e92 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
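Review bot: The added `OPENSSL_cpuid_setup();` in OSSL_provider_init_int() carries no comment saying why the FIPS provider now runs the CPU capability probe itself at this point, before the provider context is created. The RISC-V hardware back-ends in this same commit become conditional on OPENSSL_CPUID_OBJ, so the capability bits those `.inc` files consult are presumably only populated by this probe; I'd record that at the call site, e.g. `/* Probe CPU capabilities before any algorithm back-end is selected */`. Whether the probe is safe to run more than once per process (libcrypto runs the same probe on its own initialisation) is not visible here and worth confirming. The function body continues outside the hunk.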
@@ -1433,14 +1433,14 @@ static const unsigned char ecd_prime_pub[] = {
     0x82
 };
 static const unsigned char ecdsa_prime_expected_sig[] = {
-    0x30, 0x3d, 0x02, 0x1d, 0x00, 0xd2, 0x4a, 0xc9,
-    0x4f, 0xaf, 0xdb, 0x62, 0xfc, 0x41, 0x4a, 0x81,
-    0x2a, 0x9f, 0xcf, 0xa3, 0xda, 0xfe, 0xa3, 0x49,
-    0xbd, 0xea, 0xbf, 0x2a, 0x51, 0xb4, 0x0b, 0xc3,
-    0xbc, 0x02, 0x1c, 0x7f, 0x30, 0xb7, 0xad, 0xab,
-    0x09, 0x6e, 0x3c, 0xad, 0x7f, 0xf9, 0x5e, 0xaa,
-    0xe2, 0x38, 0xe5, 0x29, 0x16, 0xc4, 0xc8, 0x77,
-    0xa1, 0xf8, 0x60, 0x77, 0x39, 0x7a, 0xec
+    0x30, 0x3d, 0x02, 0x1c, 0x48, 0x4f, 0x3c, 0x97,
+    0x5b, 0xfa, 0x40, 0x6c, 0xdb, 0xd6, 0x70, 0xb5,
+    0xbd, 0x2d, 0xd0, 0xc6, 0x22, 0x93, 0x5a, 0x88,
+    0x56, 0xd0, 0xaf, 0x0a, 0x94, 0x92, 0x20, 0x01,
+    0x02, 0x1d, 0x00, 0xa4, 0x80, 0xe0, 0x47, 0x88,
+    0x8a, 0xef, 0x2a, 0x47, 0x9d, 0x81, 0x9a, 0xbf,
+    0x45, 0xc3, 0x6f, 0x9e, 0x2e, 0xc1, 0x44, 0x9f,
+    0xfd, 0x79, 0xdb, 0x90, 0x3e, 0xb9, 0xb2
 };
 static const ST_KAT_PARAM ecdsa_prime_key[] = {
     ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name),
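Review bot: The replacement expected signature for ecdsa_prime_expected_sig here, and likewise for ecdsa_bin_expected_sig and dsa_expected_sig in the next two hunks, is dropped in with no comment recording how it was produced. A signature KAT only compares deterministically when the per-signature nonce comes from a fixed test source, so anyone auditing the FIPS self-test later needs the vector's provenance (which fixed RNG or nonce input and which tool generated it, and what change made the previous values stop matching); I'd add a one-line comment above each array such as `/* Regenerated with the deterministic self-test RNG; see <generation-procedure placeholder> */`. The DER framing of the new vectors is internally consistent — the SEQUENCE lengths 0x3d, 0x3f and 0x3c each equal the two INTEGER lengths plus headers — so this is a documentation point rather than a defect in the data.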
@@ -1468,15 +1468,15 @@ static const unsigned char ecd_bin_pub[] = {
     0x99, 0xb6, 0x8f, 0x80, 0x46
 };
 static const unsigned char ecdsa_bin_expected_sig[] = {
-    0x30, 0x3f, 0x02, 0x1d, 0x08, 0x11, 0x7c, 0xcd,
-    0xf4, 0xa1, 0x31, 0x9a, 0xc1, 0xfd, 0x50, 0x0e,
-    0x5d, 0xa9, 0xb6, 0x0e, 0x95, 0x49, 0xe1, 0xbd,
-    0x44, 0xe3, 0x5b, 0xa9, 0x35, 0x94, 0xa5, 0x2f,
-    0xae, 0x02, 0x1e, 0x00, 0xe3, 0xba, 0xb8, 0x8f,
-    0x4b, 0x05, 0x76, 0x88, 0x1e, 0x49, 0xd6, 0x62,
-    0x76, 0xd3, 0x22, 0x4d, 0xa3, 0x7b, 0x04, 0xcc,
-    0xfa, 0x7b, 0x41, 0x9b, 0x8c, 0xaf, 0x1b, 0x6d,
-    0xbd
+    0x30, 0x3f, 0x02, 0x1d, 0x58, 0xe9, 0xd0, 0x84,
+    0x5c, 0xad, 0x29, 0x03, 0xf6, 0xa6, 0xbc, 0xe0,
+    0x24, 0x6d, 0x9e, 0x79, 0x5d, 0x1e, 0xe8, 0x5a,
+    0xc3, 0x31, 0x0a, 0xa9, 0xfb, 0xe3, 0x99, 0x54,
+    0x11, 0x02, 0x1e, 0x00, 0xa3, 0x44, 0x28, 0xa3,
+    0x70, 0x97, 0x98, 0x17, 0xd7, 0xa6, 0xad, 0x91,
+    0xaf, 0x41, 0x69, 0xb6, 0x06, 0x99, 0x39, 0xc7,
+    0x63, 0xa4, 0x6a, 0x81, 0xe4, 0x9a, 0x9d, 0x15,
+    0x8b
 };
 static const ST_KAT_PARAM ecdsa_bin_key[] = {
     ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_bin_curve_name),
@@ -1604,14 +1604,14 @@ static const unsigned char dsa_priv[] = { 0x40, 0x7e, 0x5c, 0xb7 }; static const unsigned char dsa_expected_sig[] = { - 0x30, 0x3c, 0x02, 0x1c, 0x70, 0xa4, 0x77, 0xb6, - 0x02, 0xb5, 0xd3, 0x07, 0x21, 0x22, 0x2d, 0xe3, - 0x4f, 0x7d, 0xfd, 0xfd, 0x6b, 0x4f, 0x03, 0x27, - 0x4c, 0xd3, 0xb2, 0x8c, 0x7c, 0xc5, 0xc4, 0xdf, - 0x02, 0x1c, 0x11, 0x52, 0x65, 0x16, 0x9f, 0xbd, - 0x4c, 0xe5, 0xab, 0xb2, 0x01, 0xd0, 0x7a, 0x30, - 0x5c, 0xc5, 0xba, 0x22, 0xc6, 0x62, 0x7e, 0xa6, - 0x7d, 0x98, 0x96, 0xc9, 0x77, 0x00 + 0x30, 0x3c, 0x02, 0x1c, 0x69, 0xc6, 0xd6, 0x9e, + 0x2b, 0x91, 0xea, 0x72, 0xb3, 0x8b, 0x7c, 0x57, + 0x48, 0x75, 0xb7, 0x65, 0xc0, 0xb4, 0xf7, 0xbb, + 0x08, 0xa4, 0x95, 0x77, 0xfc, 0xa7, 0xed, 0x31, + 0x02, 0x1c, 0x4c, 0x2c, 0xff, 0xc6, 0x55, 0xeb, + 0x8f, 0xa7, 0x4f, 0x27, 0xd8, 0xec, 0xfd, 0x62, + 0x73, 0xf2, 0xd1, 0x55, 0xa5, 0xf0, 0x41, 0x68, + 0x34, 0x8d, 0x9e, 0x88, 0x08, 0x06 }; static const ST_KAT_PARAM dsa_key[] = { diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index f13c41abd6..856b367e45 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -858,8 +858,12 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) EVP_RAND_CTX *saved_rand = ossl_rand_get0_private_noncreating(libctx); int ret = 1; + if (saved_rand != NULL && !EVP_RAND_CTX_up_ref(saved_rand)) + return 0; if (!setup_main_random(libctx) || !RAND_set0_private(libctx, main_rand)) { + /* Decrement saved_rand reference counter */ + EVP_RAND_CTX_free(saved_rand); EVP_RAND_CTX_free(main_rand); return 0; } 
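Review bot: The new `EVP_RAND_CTX_up_ref(saved_rand)` in SELF_TEST_kats is unexplained, and the extra reference it takes has to be released on the success path as well, which lies outside this hunk (the function continues past it). The up-ref presumably compensates for RAND_set0_private() dropping the context it replaces, so that saved_rand stays alive until it is re-installed later; I'd state that where the reference is taken, e.g. `/* RAND_set0_private() releases the context it replaces; hold our own reference so saved_rand survives until it is restored */`. The failure branch's `EVP_RAND_CTX_free(saved_rand)` relies on the free tolerating a NULL saved_rand, which matches how main_rand is already freed unconditionally there.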
diff --git a/providers/implementations/ciphers/cipher_aes.h b/providers/implementations/ciphers/cipher_aes.h
index 86a30ab145..c62ac5e7ea 100644
--- a/providers/implementations/ciphers/cipher_aes.h
+++ b/providers/implementations/ciphers/cipher_aes.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw.c b/providers/implementations/ciphers/cipher_aes_gcm_hw.c
index 8f3c4870fd..207a16bc70 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -142,9 +142,9 @@ static const PROV_GCM_HW aes_gcm = {
 # include "cipher_aes_gcm_hw_armv8.inc"
 #elif defined(PPC_AES_GCM_CAPABLE) && defined(_ARCH_PPC64)
 # include "cipher_aes_gcm_hw_ppc.inc"
-#elif defined(__riscv) && __riscv_xlen == 64
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
 # include "cipher_aes_gcm_hw_rv64i.inc"
-#elif defined(__riscv) && __riscv_xlen == 32
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
 # include "cipher_aes_gcm_hw_rv32i.inc"
 #else
 const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
diff --git a/providers/implementations/ciphers/cipher_aes_hw.c b/providers/implementations/ciphers/cipher_aes_hw.c
index e8550a9644..a3b72d9f72 100644
--- a/providers/implementations/ciphers/cipher_aes_hw.c
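Review bot: The RISC-V back-end includes in cipher_aes_gcm_hw.c are now additionally gated on OPENSSL_CPUID_OBJ, but the `#elif` lines carry no comment, and a riscv build without cpuid support now silently falls through to the generic implementation under `#else`. The same gate is added in cipher_aes_hw.c, cipher_aes_ocb_hw.c, cipher_aes_xts_hw.c and the cipher_sm4_*_hw.c files in later hunks, so one explanation at this first site would serve all of them. Since the `.inc` files dispatch on capability macros that presumably only the cpuid probe fills in, I'd write `/* RISC-V acceleration depends on the cpuid probe (OPENSSL_CPUID_OBJ) to report the available extensions */` above the first gated `#elif`. The fallback is functionally correct but a performance-silent downgrade, which is worth calling out in the commit message.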
+++ b/providers/implementations/ciphers/cipher_aes_hw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -142,9 +142,9 @@ const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits) \
 # include "cipher_aes_hw_t4.inc"
 #elif defined(S390X_aes_128_CAPABLE)
 # include "cipher_aes_hw_s390x.inc"
-#elif defined(__riscv) && __riscv_xlen == 64
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
 # include "cipher_aes_hw_rv64i.inc"
-#elif defined(__riscv) && __riscv_xlen == 32
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
 # include "cipher_aes_hw_rv32i.inc"
 #elif defined (ARMv8_HWAES_CAPABLE)
 # include "cipher_aes_hw_armv8.inc"
diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
index 0939b147e6..6c4a4cc995 100644
--- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c
index aec988e44e..041a1aed22 100644
--- a/providers/implementations/ciphers/cipher_aes_ocb.c
+++ b/providers/implementations/ciphers/cipher_aes_ocb.c
@@ -367,12 +367,20 @@ static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } if (p->data == NULL) { /* Tag len must be 0 to 16 */ - if (p->data_size > OCB_MAX_TAG_LEN) + if (p->data_size > OCB_MAX_TAG_LEN) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); return 0; + } ctx->taglen = p->data_size; } else { - if (p->data_size != ctx->taglen || ctx->base.enc) + if (ctx->base.enc) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); return 0; + } + if (p->data_size != ctx->taglen) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); + return 0; + } memcpy(ctx->tag, p->data, p->data_size); } } diff --git a/providers/implementations/ciphers/cipher_aes_ocb_hw.c b/providers/implementations/ciphers/cipher_aes_ocb_hw.c index 7ece4d32c9..00920408b9 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb_hw.c +++ b/providers/implementations/ciphers/cipher_aes_ocb_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -104,7 +104,7 @@ static const PROV_CIPHER_HW aes_t4_ocb = { \ if (SPARC_AES_CAPABLE) \ return &aes_t4_ocb; -#elif defined(__riscv) && __riscv_xlen == 64 +#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 static int cipher_hw_aes_ocb_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *vctx, const unsigned char *key, @@ -152,7 +152,7 @@ static const PROV_CIPHER_HW aes_rv64i_zvkned_ocb = { \ else if (RISCV_HAS_ZKND_AND_ZKNE()) \ return &aes_rv64i_zknd_zkne_ocb; -#elif defined(__riscv) && __riscv_xlen == 32 +#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 static int cipher_hw_aes_ocb_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *vctx, const unsigned char *key, 
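Review bot: In the decrypt-side branch of aes_ocb_set_ctx_params the new `if (ctx->base.enc)` test now runs before the length comparison, so an encrypting caller that also passes a wrongly sized tag is reported as ERR_R_PASSED_INVALID_ARGUMENT rather than PROV_R_INVALID_TAG_LENGTH; if that ordering is intended, a comment would stop a later reorder from changing the reported reason, e.g. `/* A tag may only be supplied for decryption, and must match the configured length */` above `if (ctx->base.enc) {`. The surviving `/* Tag len must be 0 to 16 */` comment hard-codes the bound that OCB_MAX_TAG_LEN on the next line already expresses; `/* Tag len must be 0 to OCB_MAX_TAG_LEN */` keeps the two in step. The enclosing function starts and ends outside the hunk.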
diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c b/providers/implementations/ciphers/cipher_aes_xts_hw.c index cef1a05c59..3163234c3a 100644 --- a/providers/implementations/ciphers/cipher_aes_xts_hw.c +++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -159,7 +159,7 @@ static const PROV_CIPHER_HW aes_xts_t4 = { \ if (SPARC_AES_CAPABLE) \ return &aes_xts_t4; -#elif defined(__riscv) && __riscv_xlen == 64 +#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 static int cipher_hw_aes_xts_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx, const unsigned char *key, @@ -245,7 +245,7 @@ if (RISCV_HAS_ZVKNED() && riscv_vlen() >= 128) \ else if (RISCV_HAS_ZKND_AND_ZKNE()) \ return &aes_xts_rv64i_zknd_zkne; -#elif defined(__riscv) && __riscv_xlen == 32 +#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 static int cipher_hw_aes_xts_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/providers/implementations/ciphers/cipher_sm4_ccm_hw.c b/providers/implementations/ciphers/cipher_sm4_ccm_hw.c index 34f0e751e0..1c1d60494a 100644 --- a/providers/implementations/ciphers/cipher_sm4_ccm_hw.c +++ b/providers/implementations/ciphers/cipher_sm4_ccm_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -59,7 +59,7 @@ static const PROV_CCM_HW ccm_sm4 = { ossl_ccm_generic_gettag }; -#if defined(__riscv) && __riscv_xlen == 64 +#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 # include "cipher_sm4_ccm_hw_rv64i.inc" #else const PROV_CCM_HW *ossl_prov_sm4_hw_ccm(size_t keybits) diff --git a/providers/implementations/ciphers/cipher_sm4_gcm_hw.c b/providers/implementations/ciphers/cipher_sm4_gcm_hw.c index 06ca450782..c1e354be45 100644 --- a/providers/implementations/ciphers/cipher_sm4_gcm_hw.c +++ b/providers/implementations/ciphers/cipher_sm4_gcm_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,7 +89,7 @@ static const PROV_GCM_HW sm4_gcm = { ossl_gcm_one_shot }; -#if defined(__riscv) && __riscv_xlen == 64 +#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 # include "cipher_sm4_gcm_hw_rv64i.inc" #else const PROV_GCM_HW *ossl_prov_sm4_hw_gcm(size_t keybits) diff --git a/providers/implementations/ciphers/cipher_sm4_hw.c b/providers/implementations/ciphers/cipher_sm4_hw.c index c4f2f97ccc..05a83843eb 100644 --- a/providers/implementations/ciphers/cipher_sm4_hw.c +++ b/providers/implementations/ciphers/cipher_sm4_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -134,7 +134,7 @@ const PROV_CIPHER_HW *ossl_prov_cipher_hw_sm4_##mode(size_t keybits) \ return &sm4_##mode; \ } -#if defined(__riscv) && __riscv_xlen == 64 +#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 # include "cipher_sm4_hw_rv64i.inc" #else /* The generic case */ diff --git a/providers/implementations/ciphers/cipher_sm4_xts_hw.c b/providers/implementations/ciphers/cipher_sm4_xts_hw.c index 6cf58e851f..d147cf1a61 100644 --- a/providers/implementations/ciphers/cipher_sm4_xts_hw.c +++ b/providers/implementations/ciphers/cipher_sm4_xts_hw.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,7 +89,7 @@ static const PROV_CIPHER_HW sm4_generic_xts = { cipher_hw_sm4_xts_copyctx }; -#if defined(__riscv) && __riscv_xlen == 64 +#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 # include "cipher_sm4_xts_hw_rv64i.inc" #else const PROV_CIPHER_HW *ossl_prov_cipher_hw_sm4_xts(size_t keybits) diff --git a/providers/implementations/digests/blake2b_prov.c b/providers/implementations/digests/blake2b_prov.c index a8b0848234..6ef7fac008 100644 --- a/providers/implementations/digests/blake2b_prov.c +++ b/providers/implementations/digests/blake2b_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/digests/blake2s_prov.c b/providers/implementations/digests/blake2s_prov.c index e43f78aaa7..72cab1e9a1 100644 --- a/providers/implementations/digests/blake2s_prov.c 
+++ b/providers/implementations/digests/blake2s_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index b0d4e0ecf6..ee66ab02ae 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,6 +32,7 @@ #include "crypto/ecx.h" #include "crypto/rsa.h" #include "crypto/x509.h" +#include "openssl/obj_mac.h" #include "prov/bio.h" #include "prov/implementations.h" #include "endecoder_local.h" @@ -109,7 +110,10 @@ static void *der2key_decode_p8(const unsigned char **input_der, if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf) - && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type) + && (OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type + /* Allow decoding sm2 private key with id_ecPublicKey */ + || (OBJ_obj2nid(alg->algorithm) == NID_X9_62_id_ecPublicKey + && ctx->desc->evp_type == NID_sm2))) key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), ctx->propq); PKCS8_PRIV_KEY_INFO_free(p8inf); 
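Review bot: The widened condition in der2key_decode_p8 lets any PKCS#8 blob whose AlgorithmIdentifier is id_ecPublicKey into the SM2 decoder, and the new comment does not say where the curve is actually verified; presumably ec_check in the same file, which compares EC_FLAG_SM2_RANGE with the decoder's evp_type, still rejects a non-SM2 curve, and the comment should point there, e.g. `/* Allow decoding an SM2 private key carried as id_ecPublicKey; ec_check() still rejects non-SM2 curves */`. The enclosing function continues outside the hunk. Separately, the added `#include "openssl/obj_mac.h"` uses quotes for a public header where the file's other public-header includes would be written as `#include <openssl/obj_mac.h>`.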
@@ -312,10 +316,19 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); - params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - (char *)ctx->desc->keytype_name, - 0); + +#ifndef OPENSSL_NO_SM2 + if (strcmp(ctx->desc->keytype_name, "EC") == 0 + && (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0) + params[1] = + OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + "SM2", 0); + else +#endif + params[1] = + OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + (char *)ctx->desc->keytype_name, + 0); /* The address of the key becomes the octet string */ params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, @@ -435,10 +448,16 @@ static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len, static int ec_check(void *key, struct der2key_ctx_st *ctx) { /* We're trying to be clever by comparing two truths */ - + int ret = 0; int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0; - return sm2 == (ctx->desc->evp_type == EVP_PKEY_SM2); + if (sm2) + ret = ctx->desc->evp_type == EVP_PKEY_SM2 + || ctx->desc->evp_type == NID_X9_62_id_ecPublicKey; + else + ret = ctx->desc->evp_type != EVP_PKEY_SM2; + + return ret; } static void ec_adjust(void *key, struct der2key_ctx_st *ctx) diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index 83a57ebe12..2b39bf039f 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
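Review bot: The comment `/* We're trying to be clever by comparing two truths */` at the top of ec_check no longer describes the code, which now branches explicitly on the SM2 flag instead of comparing two booleans. Replace it with a statement of the new rule, e.g. `/* An SM2-range key may be decoded as SM2 or as a plain EC key; any other curve must not be decoded as SM2 */`. Also `int ret = 0;` took the place of the blank line that separated that comment from the declarations, so the comment now reads as if it documents `ret`.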
diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c index c0c2923285..db0c8abe82 100644 --- a/providers/implementations/encode_decode/encode_key2text.c +++ b/providers/implementations/encode_decode/encode_key2text.c @@ -112,7 +112,8 @@ static int print_labeled_bignum(BIO *out, const char *label, const BIGNUM *bn) use_sep = 0; /* The first byte on the next line doesn't have a : */ } if (BIO_printf(out, "%s%c%c", use_sep ? ":" : "", - tolower(p[0]), tolower(p[1])) <= 0) + tolower((unsigned char)p[0]), + tolower((unsigned char)p[1])) <= 0) goto err; ++bytes; p += 2; diff --git a/providers/implementations/exchange/kdf_exch.c b/providers/implementations/exchange/kdf_exch.c index 4aaf673398..340a2663c5 100644 --- a/providers/implementations/exchange/kdf_exch.c +++ b/providers/implementations/exchange/kdf_exch.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -28,9 +28,13 @@ static OSSL_FUNC_keyexch_derive_fn kdf_derive; static OSSL_FUNC_keyexch_freectx_fn kdf_freectx; static OSSL_FUNC_keyexch_dupctx_fn kdf_dupctx; static OSSL_FUNC_keyexch_set_ctx_params_fn kdf_set_ctx_params; +static OSSL_FUNC_keyexch_get_ctx_params_fn kdf_get_ctx_params; static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_tls1_prf_settable_ctx_params; static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_hkdf_settable_ctx_params; static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_scrypt_settable_ctx_params; +static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_tls1_prf_gettable_ctx_params; +static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; +static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_scrypt_gettable_ctx_params; typedef struct { void *provctx; @@ -169,6 +173,13 @@ static int kdf_set_ctx_params(void *vpkdfctx, const OSSL_PARAM params[]) return EVP_KDF_CTX_set_params(pkdfctx->kdfctx, params); } +static int kdf_get_ctx_params(void *vpkdfctx, OSSL_PARAM params[]) +{ + PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx; + + return EVP_KDF_CTX_get_params(pkdfctx->kdfctx, params); +} + static const OSSL_PARAM *kdf_settable_ctx_params(ossl_unused void *vpkdfctx, void *provctx, const char *kdfname) 
@@ -197,6 +208,34 @@ KDF_SETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") KDF_SETTABLE_CTX_PARAMS(hkdf, "HKDF") KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT") +static const OSSL_PARAM *kdf_gettable_ctx_params(ossl_unused void *vpkdfctx, + void *provctx, + const char *kdfname) +{ + EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname, + NULL); + const OSSL_PARAM *params; + + if (kdf == NULL) + return NULL; + + params = EVP_KDF_gettable_ctx_params(kdf); + EVP_KDF_free(kdf); + + return params; +} + +#define KDF_GETTABLE_CTX_PARAMS(funcname, kdfname) \ + static const OSSL_PARAM *kdf_##funcname##_gettable_ctx_params(void *vpkdfctx, \ + void *provctx) \ + { \ + return kdf_gettable_ctx_params(vpkdfctx, provctx, kdfname); \ + } + +KDF_GETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") +KDF_GETTABLE_CTX_PARAMS(hkdf, "HKDF") +KDF_GETTABLE_CTX_PARAMS(scrypt, "SCRYPT") + #define KDF_KEYEXCH_FUNCTIONS(funcname) \ const OSSL_DISPATCH ossl_kdf_##funcname##_keyexch_functions[] = { \ { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))kdf_##funcname##_newctx }, \ @@ -205,8 +244,11 @@ KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT") { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))kdf_freectx }, \ { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))kdf_dupctx }, \ { OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))kdf_set_ctx_params }, \ + { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))kdf_get_ctx_params }, \ { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, \ (void (*)(void))kdf_##funcname##_settable_ctx_params }, \ + { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, \ + (void (*)(void))kdf_##funcname##_gettable_ctx_params }, \ OSSL_DISPATCH_END \ }; diff --git a/providers/implementations/kdfs/argon2.c b/providers/implementations/kdfs/argon2.c index fe84ab54ca..6acf47fb1a 100644 --- a/providers/implementations/kdfs/argon2.c +++ b/providers/implementations/kdfs/argon2.c 
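Review bot: kdf_gettable_ctx_params returns `params` after `EVP_KDF_free(kdf)` has dropped the only reference the function holds, so the validity of the returned pointer rests on EVP_KDF_gettable_ctx_params handing back a table that outlives the EVP_KDF object; that appears to mirror kdf_settable_ctx_params, but it is worth stating above the return, e.g. `/* The table belongs to the provider, not to this EVP_KDF, so it survives the free */`. Presumably providers return static OSSL_PARAM arrays, which makes this safe as long as the provider stays loaded; confirm that before relying on it. Note also that the fetch passes a `NULL` property query, so the KDF whose parameters are reported here is the default-selected one rather than whatever a propq elsewhere would choose.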
@@ -1071,8 +1071,8 @@ static int kdf_argon2_derive(void *vctx, unsigned char *out, size_t outlen, # else if (ctx->threads > ossl_get_avail_threads(ctx->libctx)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_THREAD_POOL_SIZE, - "requested %u threads, available: 1", - ossl_get_avail_threads(ctx->libctx)); + "requested %u threads, available: %u", + ctx->threads, ossl_get_avail_threads(ctx->libctx)); return 0; } # endif diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index a83e298227..15ff8bbdad 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -316,6 +316,13 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) return 0; return OSSL_PARAM_set_size_t(p, sz); } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_INFO)) != NULL) { + if (ctx->info == NULL || ctx->info_len == 0) { + p->return_size = 0; + return 1; + } + return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len); + } return -2; } @@ -324,6 +331,7 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, { static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), OSSL_PARAM_END }; return known_gettable_ctx_params; @@ -638,7 +646,7 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx, EVP_MD_CTX_free(mctx); /* Generate the pre-extract secret */ - if (!prov_tls13_hkdf_expand(md, prevsecret, mdlen, + if (!prov_tls13_hkdf_expand(md, prevsecret, prevsecretlen, prefix, prefixlen, label, labellen, hash, mdlen, preextractsec, mdlen)) return 0; 
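Review bot: The new OSSL_KDF_PARAM_INFO branch in kdf_hkdf_get_ctx_params short-circuits with `p->return_size = 0; return 1;` when no info is set, and that path never checks `p->data_type`, whereas the other path delegates to OSSL_PARAM_set_octet_string which validates it; a caller that located the parameter with the wrong type gets success on an empty context and failure on a populated one. Letting OSSL_PARAM_set_octet_string handle the empty case too (passing length 0) keeps the type check uniform, or at least a comment should say the shortcut is deliberate. The enclosing function starts outside the hunk.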
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index e6855d5732..5d6ebdf396 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2019 Red Hat, Inc. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -354,7 +354,8 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (!ossl_prov_macctx_load_from_params(&ctx->ctx_init, params, NULL, NULL, NULL, libctx)) return 0; - else if (ctx->ctx_init != NULL) { + if (ctx->ctx_init != NULL) { + ctx->is_kmac = 0; if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), OSSL_MAC_NAME_KMAC128) || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c index 19dcd83835..bc951f7417 100644 --- a/providers/implementations/kdfs/krb5kdf.c +++ b/providers/implementations/kdfs/krb5kdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/kdfs/pbkdf1.c b/providers/implementations/kdfs/pbkdf1.c index 33e0ee6009..69d3f7cb29 100644 --- a/providers/implementations/kdfs/pbkdf1.c +++ b/providers/implementations/kdfs/pbkdf1.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c index ee2d4a7d32..d6f90753e3 100644 --- a/providers/implementations/kdfs/scrypt.c +++ b/providers/implementations/kdfs/scrypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -92,7 +92,9 @@ static void kdf_scrypt_reset(void *vctx) KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx; OPENSSL_free(ctx->salt); + ctx->salt = NULL; OPENSSL_clear_free(ctx->pass, ctx->pass_len); + ctx->pass = NULL; kdf_scrypt_init(ctx); } @@ -162,7 +164,6 @@ static int set_digest(KDF_SCRYPT *ctx) EVP_MD_free(ctx->sha256); ctx->sha256 = EVP_MD_fetch(ctx->libctx, "sha256", ctx->propq); if (ctx->sha256 == NULL) { - OPENSSL_free(ctx); ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_LOAD_SHA256); return 0; } diff --git a/providers/implementations/kem/ec_kem.c b/providers/implementations/kem/ec_kem.c index b82f903662..7f84fcbb2f 100644 --- a/providers/implementations/kem/ec_kem.c +++ b/providers/implementations/kem/ec_kem.c @@ -405,10 +405,10 @@ int ossl_ec_dhkem_derive_private(EC_KEY *ec, BIGNUM *priv, return 0; /* ikmlen should have a length of at least Nsk */ - if (ikmlen < info->Nsecret) { + if (ikmlen < info->Nsk) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH, "ikm length is :%zu, should be at least %zu", - ikmlen, info->Nsecret); + ikmlen, info->Nsk); goto err; } diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c index ff22ddffcf..5b8c2f2f15 100644 --- a/providers/implementations/kem/rsa_kem.c +++ b/providers/implementations/kem/rsa_kem.c 
@@ -265,6 +265,17 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, *secretlen = nlen; return 1; } + + /* + * If outlen is specified, then it must report the length + * of the out buffer on input so that we can confirm + * its size is sufficent for encapsulation + */ + if (outlen != NULL && *outlen < nlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); + return 0; + } + /* * Step (2): Generate a random byte string z of nlen bytes where * 1 < z < n - 1 @@ -286,15 +297,33 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, return ret; } -/* - * NIST.SP.800-56Br2 +/** + * rsasve_recover - Recovers a secret value from ciphertext using an RSA + * private key. Once, recovered, the secret value is considered to be a + * shared secret. Algorithm is preformed as per + * NIST SP 800-56B Rev 2 * 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER). + * + * This function performs RSA decryption using the private key from the + * provided RSA context (`prsactx`). It takes the input ciphertext, decrypts + * it, and writes the decrypted message to the output buffer. + * + * @prsactx: The RSA context containing the private key. + * @out: The output buffer to store the decrypted message. + * @outlen: On input, the size of the output buffer. On successful + * completion, the actual length of the decrypted message. + * @in: The input buffer containing the ciphertext to be decrypted. + * @inlen: The length of the input ciphertext in bytes. + * + * Returns 1 on success, or 0 on error. In case of error, appropriate + * error messages are raised using the ERR_raise function. */ static int rsasve_recover(PROV_RSA_CTX *prsactx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen) { size_t nlen; + int ret; /* Step (1): get the byte length of n */ nlen = RSA_size(prsactx->rsa); 
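Review bot: The new rsasve_recover docstring has typos and one inaccuracy: "preformed" should be "performed", "Once, recovered" has a stray comma, and `@outlen` is described as "On input, the size of the output buffer" although the added check `if (outlen != NULL && *outlen < nlen)` makes it optional, so the line should read `@outlen: Optional; if non-NULL, the size of the output buffer on input and the decrypted length on success`. The same misspelling "sufficent" appears in the comment added to rsasve_generate in the preceding hunk. rsasve_recover's body continues outside the hunk.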
@@ -308,13 +337,30 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx, return 1; } - /* Step (2): check the input ciphertext 'inlen' matches the nlen */ + /* + * Step (2): check the input ciphertext 'inlen' matches the nlen + * and that outlen is at least nlen bytes + */ if (inlen != nlen) { ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); return 0; } + + /* + * If outlen is specified, then it must report the length + * of the out buffer, so that we can confirm that it is of + * sufficient size to hold the output of decapsulation + */ + if (outlen != NULL && *outlen < nlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); + return 0; + } + /* Step (3): out = RSADP((n,d), in) */ - return (RSA_private_decrypt(inlen, in, out, prsactx->rsa, RSA_NO_PADDING) > 0); + ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, RSA_NO_PADDING); + if (ret > 0 && outlen != NULL) + *outlen = ret; + return ret > 0; } static int rsakem_generate(void *vprsactx, unsigned char *out, size_t *outlen, diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index 88a2feda57..f400c0c144 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -426,7 +426,7 @@ static void *dsa_gen_init(void *provctx, int selection, gctx->hindex = 0; } if (!dsa_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); + dsa_gen_cleanup(gctx); gctx = NULL; } return gctx; @@ -587,7 +587,7 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) && (gctx->gen_type <= DSA_PARAMGEN_TYPE_FIPS_DEFAULT))) { ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR, "gen_type set to unsupported value %d", gctx->gen_type); - return NULL; + goto end; } gctx->cb = osslcb; diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index ae11fd4bc0..9e7f99b532 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c 
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -348,7 +348,6 @@ static const OSSL_PARAM ecx_gettable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), ECX_KEY_TYPES(), OSSL_PARAM_END @@ -358,6 +357,7 @@ static const OSSL_PARAM ed_gettable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0), ECX_KEY_TYPES(), OSSL_PARAM_END }; @@ -489,7 +489,7 @@ static void *ecx_gen_init(void *provctx, int selection, gctx->selection = selection; } if (!ecx_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); + ecx_gen_cleanup(gctx); gctx = NULL; } return gctx; diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index f952ebb227..161a433caf 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -393,7 +393,7 @@ static void *mac_gen_init(void *provctx, int selection, struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection); if (gctx != NULL && !mac_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); + mac_gen_cleanup(gctx); gctx = NULL; } return gctx; 
@@ -405,7 +405,7 @@ static void *cmac_gen_init(void *provctx, int selection, struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection); if (gctx != NULL && !cmac_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); + mac_gen_cleanup(gctx); gctx = NULL; } return gctx; diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index f42662b1a7..4d48a48449 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -202,6 +202,11 @@ static size_t get_entropy(PROV_DRBG *drbg, unsigned char **pout, int entropy, return ossl_crngt_get_entropy(drbg, pout, entropy, min_len, max_len, prediction_resistance); #else + /* + * In normal use (i.e. OpenSSL's own uses), this is never called. + * Outside of the FIPS provider, OpenSSL sets its DRBGs up so that + * they always have a parent. This remains purely for legacy reasons. + */ return ossl_prov_get_entropy(drbg->provctx, pout, entropy, min_len, max_len); #endif diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c index cea68599e6..0c4553ad58 100644 --- a/providers/implementations/rands/drbg_ctr.c +++ b/providers/implementations/rands/drbg_ctr.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c index a35c1f153e..b9854a9aa9 100644 
--- a/providers/implementations/rands/drbg_hash.c +++ b/providers/implementations/rands/drbg_hash.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c index bc8a4ff578..03b43a3c39 100644 --- a/providers/implementations/rands/drbg_hmac.c +++ b/providers/implementations/rands/drbg_hmac.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h index 95ad417657..902dfc937d 100644 --- a/providers/implementations/rands/drbg_local.h +++ b/providers/implementations/rands/drbg_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index fe65ed8dc6..5ea5cf5c2b 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c 
@@ -196,9 +196,13 @@ static int ecdsa_sign(void *vctx, unsigned char *sig, size_t *siglen, return 0; if (ctx->nonce_type != 0) { + const char *mdname = NULL; + + if (ctx->mdname[0] != '\0') + mdname = ctx->mdname; ret = ossl_ecdsa_deterministic_sign(tbs, tbslen, sig, &sltmp, ctx->ec, ctx->nonce_type, - ctx->mdname, + mdname, ctx->libctx, ctx->propq); } else { ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &sltmp, ctx->kinv, ctx->r, @@ -546,18 +550,9 @@ static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM settable_ctx_params_no_digest[] = { - OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), - OSSL_PARAM_END -}; - static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx, ossl_unused void *provctx) { - PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; - - if (ctx != NULL && !ctx->flag_allow_md) - return settable_ctx_params_no_digest; return settable_ctx_params; } diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c index 8594af39e1..d8ec331f7f 100644 --- a/providers/implementations/signature/eddsa_sig.c +++ b/providers/implementations/signature/eddsa_sig.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -216,6 +216,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, /* Should never happen */ ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); ossl_ecx_key_free(edkey); + WPACKET_cleanup(&pkt); return 0; } if (ret && WPACKET_finish(&pkt)) { diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c index 76db37dd02..f98fb61ce3 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c 
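Review bot: Removing settable_ctx_params_no_digest means ecdsa_settable_ctx_params now advertises every entry of settable_ctx_params, including OSSL_SIGNATURE_PARAM_DIGEST, even when `flag_allow_md` is clear, so the advertised list and what the context actually accepts may diverge; ecdsa_set_ctx_params is outside the hunk, so confirm it still rejects a digest change in that state, otherwise the flag is no longer enforced. If the divergence is intended (the list describes what the algorithm supports, not the current state), a comment such as `/* Static list; per-context restrictions are enforced in set_ctx_params */` above the return would stop the next reader from re-adding the special case.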
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -207,13 +207,29 @@ static int rsa_pss_compute_saltlen(PROV_RSA_CTX *ctx) * Provide a way to use at most the digest length, so that the default does * not violate FIPS 186-4. */ if (saltlen == RSA_PSS_SALTLEN_DIGEST) { - saltlen = EVP_MD_get_size(ctx->md); + if ((saltlen = EVP_MD_get_size(ctx->md)) <= 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + return -1; + } } else if (saltlen == RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { saltlen = RSA_PSS_SALTLEN_MAX; - saltlenMax = EVP_MD_get_size(ctx->md); + if ((saltlenMax = EVP_MD_get_size(ctx->md)) <= 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + return -1; + } } if (saltlen == RSA_PSS_SALTLEN_MAX || saltlen == RSA_PSS_SALTLEN_AUTO) { - saltlen = RSA_size(ctx->rsa) - EVP_MD_get_size(ctx->md) - 2; + int mdsize, rsasize; + + if ((mdsize = EVP_MD_get_size(ctx->md)) <= 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + return -1; + } + if ((rsasize = RSA_size(ctx->rsa)) <= 2 || rsasize - 2 < mdsize) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + return -1; + } + saltlen = rsasize - mdsize - 2; if ((RSA_bits(ctx->rsa) & 0x7) == 1) saltlen--; if (saltlenMax >= 0 && saltlen > saltlenMax) diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c index 171c74d581..8e8163c694 100644 --- a/providers/implementations/storemgmt/file_store.c +++ b/providers/implementations/storemgmt/file_store.c 
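Review bot: The new key-size guard in rsa_pss_compute_saltlen admits `rsasize - 2 == mdsize`, which gives `saltlen = 0`, and the `(RSA_bits(ctx->rsa) & 0x7) == 1` decrement that follows then produces `saltlen = -1`, the value RSA_PSS_SALTLEN_DIGEST uses, so a later comparison on saltlen could misread a computed length as the sentinel. Adding `if (saltlen < 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); return -1; }` after the decrement closes that gap without rejecting a legitimate zero-length salt. The rest of the function, including the saltlenMax comparison, continues outside the hunk.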
@@ -234,7 +234,7 @@ static void *file_open(void *provctx, const char *uri) #ifdef _WIN32 /* Windows "file:" URIs with a drive letter start with a '/' */ if (p[0] == '/' && p[2] == ':' && p[3] == '/') { - char c = tolower(p[1]); + char c = tolower((unsigned char)p[1]); if (c >= 'a' && c <= 'z') { p++; diff --git a/python-ecdsa b/python-ecdsa index 4de8d5bf89..4096fa0171 160000 --- a/python-ecdsa +++ b/python-ecdsa @@ -1 +1 @@ -Subproject commit 4de8d5bf89089d1140eb99aa5d7eb2dc8e6337b6 +Subproject commit 4096fa01715929e08b97e73f3173aee9d57f2a3f diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 44b05ad27d..ac65a3988b 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,7 +79,7 @@ static int ssl_free(BIO *a) return 0; bs = BIO_get_data(a); if (BIO_get_shutdown(a)) { - if (bs->ssl != NULL) + if (bs->ssl != NULL && !SSL_in_init(bs->ssl)) SSL_shutdown(bs->ssl); if (BIO_get_init(a)) SSL_free(bs->ssl); diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 1ac0975d0a..bac18c4651 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -395,7 +395,7 @@ int dtls1_handle_timeout(SSL_CONNECTION *s) } if (s->d1->timer_cb != NULL) - s->d1->timeout_duration_us = s->d1->timer_cb(SSL_CONNECTION_GET_SSL(s), + s->d1->timeout_duration_us = s->d1->timer_cb(SSL_CONNECTION_GET_USER_SSL(s), s->d1->timeout_duration_us); else dtls1_double_timeout(s); diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index f21d12b872..155021ff58 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c 
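Review bot: The added `!SSL_in_init(bs->ssl)` condition changes what ssl_free does on shutdown without a comment saying why a connection still in the handshake must not receive SSL_shutdown; a reader will otherwise take the missing close_notify for a bug. Presumably the intent is to avoid SSL_shutdown failing on a connection whose handshake has not completed; a comment such as `/* No close_notify for a connection whose handshake has not completed */` above the if would record that. The rest of ssl_free is outside the hunk.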
@@ -1,5 +1,5 @@ /* - * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/json_enc.c b/ssl/quic/json_enc.c index 650247f869..3e9f715dfa 100644 --- a/ssl/quic/json_enc.c +++ b/ssl/quic/json_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,7 @@ #include "internal/json_enc.h" #include "internal/nelem.h" +#include "internal/numbers.h" #include #include @@ -602,10 +603,19 @@ void ossl_json_f64(OSSL_JSON_ENC *json, double value) if (!json_pre_item(json)) return; - if (isnan(value) || isinf(value)) { - json_raise_error(json); - return; +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L + { + int checks = isnan(value); +# if !defined(OPENSSL_SYS_VMS) + checks |= isinf(value); +# endif + + if (checks) { + json_raise_error(json); + return; + } } +#endif BIO_snprintf(buf, sizeof(buf), "%1.17g", value); json_write_str(json, buf); diff --git a/ssl/quic/qlog.c b/ssl/quic/qlog.c index c14d53eece..3aadda046f 100644 --- a/ssl/quic/qlog.c +++ b/ssl/quic/qlog.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/qlog_event_helpers.c b/ssl/quic/qlog_event_helpers.c index 32a7a9175d..55cc28d9f9 100644 --- a/ssl/quic/qlog_event_helpers.c 
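Review bot: Under the new `#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L` guard in ossl_json_f64, a pre-C99 build drops the NaN/Inf rejection entirely and the VMS branch drops the Inf check, so `BIO_snprintf(buf, sizeof(buf), "%1.17g", value)` can then emit `nan` or `inf`, which are not valid JSON tokens. A form that needs no C99 classification macros works everywhere: `if (value != value || value > DBL_MAX || value < -DBL_MAX) { json_raise_error(json); return; }` (requires `<float.h>`, which I cannot see among the includes here). If VMS's `isinf` is the only problem, that expression sidesteps it as well.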
+++ b/ssl/quic/qlog_event_helpers.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c index 5bc08fad91..88e86b83df 100644 --- a/ssl/quic/quic_channel.c +++ b/ssl/quic/quic_channel.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -474,8 +474,7 @@ int ossl_quic_channel_get_peer_addr(QUIC_CHANNEL *ch, BIO_ADDR *peer_addr) if (!ch->addressed_mode) return 0; - *peer_addr = ch->cur_peer_addr; - return 1; + return BIO_ADDR_copy(peer_addr, &ch->cur_peer_addr); } int ossl_quic_channel_set_peer_addr(QUIC_CHANNEL *ch, const BIO_ADDR *peer_addr) @@ -489,8 +488,12 @@ int ossl_quic_channel_set_peer_addr(QUIC_CHANNEL *ch, const BIO_ADDR *peer_addr) return 1; } - ch->cur_peer_addr = *peer_addr; - ch->addressed_mode = 1; + if (!BIO_ADDR_copy(&ch->cur_peer_addr, peer_addr)) { + ch->addressed_mode = 0; + return 0; + } + ch->addressed_mode = 1; + return 1; } @@ -3344,7 +3347,9 @@ int ossl_quic_channel_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer, return 0; /* Note our newly learnt peer address and CIDs. */ - ch->cur_peer_addr = *peer; + if (!BIO_ADDR_copy(&ch->cur_peer_addr, peer)) + return 0; + ch->init_dcid = *peer_dcid; ch->cur_remote_dcid = *peer_scid; diff --git a/ssl/quic/quic_demux.c b/ssl/quic/quic_demux.c index 5677c1e0d5..a84a44c6e9 100644 --- a/ssl/quic/quic_demux.c +++ b/ssl/quic/quic_demux.c 
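Review bot: In ossl_quic_channel_set_peer_addr the new failure branch clears `addressed_mode` and returns 0 but raises no error, so a caller sees a bare failure with an empty error queue; BIO_ADDR_copy does not appear to push one for an unsupported address family, though its body is not visible here. Add `ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);` (or a more specific reason) before the `return 0`, or document that callers are expected to report it. The same applies to the new early `return 0` in ossl_quic_channel_on_new_conn, whose body continues outside the hunk.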
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -442,6 +442,7 @@ int ossl_quic_demux_inject(QUIC_DEMUX *demux, /* Move from free list to pending list. */ ossl_list_urxe_remove(&demux->urx_free, urxe); + urxe->datagram_id = demux->next_datagram_id++; ossl_list_urxe_insert_tail(&demux->urx_pending, urxe); urxe->demux_state = URXE_DEMUX_STATE_PENDING; diff --git a/ssl/quic/quic_engine.c b/ssl/quic/quic_engine.c index 3bcb5d6810..f0724f240e 100644 --- a/ssl/quic/quic_engine.c +++ b/ssl/quic/quic_engine.c @@ -131,7 +131,7 @@ static void qeng_tick(QUIC_TICK_RESULT *res, void *arg, uint32_t flags) return; /* Iterate through all ports and service them. */ - LIST_FOREACH(port, port, &qeng->port_list) { + OSSL_LIST_FOREACH(port, port, &qeng->port_list) { QUIC_TICK_RESULT subr = {0}; ossl_quic_port_subtick(port, &subr, flags); diff --git a/ssl/quic/quic_fc.c b/ssl/quic/quic_fc.c index 709cd91132..64ef31780c 100644 --- a/ssl/quic/quic_fc.c +++ b/ssl/quic/quic_fc.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_fifd.c b/ssl/quic/quic_fifd.c index 89e0c3ca01..1d1bcc11ce 100644 --- a/ssl/quic/quic_fifd.c +++ b/ssl/quic/quic_fifd.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index d24769bfc2..240eaab72b 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,7 @@ static void aon_write_finish(QUIC_XSO *xso); static int create_channel(QUIC_CONNECTION *qc); static QUIC_XSO *create_xso_from_stream(QUIC_CONNECTION *qc, QUIC_STREAM *qs); static int qc_try_create_default_xso_for_write(QCTX *ctx); -static int qc_wait_for_default_xso_for_read(QCTX *ctx); +static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek); static void quic_lock(QUIC_CONNECTION *qc); static void quic_unlock(QUIC_CONNECTION *qc); static void quic_lock_for_io(QCTX *ctx); @@ -268,7 +268,7 @@ static int ossl_unused expect_quic_with_stream_lock(const SSL *s, int remote_ini if (!qc_try_create_default_xso_for_write(ctx)) goto err; } else { - if (!qc_wait_for_default_xso_for_read(ctx)) + if (!qc_wait_for_default_xso_for_read(ctx, /*peek=*/0)) goto err; } @@ -403,7 +403,7 @@ SSL *ossl_quic_new(SSL_CTX *ctx) goto err; } - qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method()); + qc->tls = ossl_ssl_connection_new_int(ctx, ssl_base, TLS_method()); if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) { QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); goto err; 
@@ -1065,7 +1065,8 @@ int ossl_quic_handle_events(SSL *s) return 0; quic_lock(ctx.qc); - ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0); + if (ctx.qc->started) + ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0); quic_unlock(ctx.qc); return 1; } @@ -1088,8 +1089,9 @@ int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite) quic_lock(ctx.qc); - deadline - = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch)); + if (ctx.qc->started) + deadline + = ossl_quic_reactor_get_tick_deadline(ossl_quic_channel_get_reactor(ctx.qc->ch)); if (ossl_time_is_infinite(deadline)) { *is_infinite = 1; @@ -1851,7 +1853,7 @@ static int quic_wait_for_stream(void *arg) } QUIC_NEEDS_LOCK -static int qc_wait_for_default_xso_for_read(QCTX *ctx) +static int qc_wait_for_default_xso_for_read(QCTX *ctx, int peek) { /* Called on a QCSO and we don't currently have a default stream. */ uint64_t expect_id; @@ -1893,6 +1895,9 @@ static int qc_wait_for_default_xso_for_read(QCTX *ctx) } if (qs == NULL) { + if (peek) + return 0; + if (!qc_blocking_mode(qc)) /* Non-blocking mode, so just bail immediately. */ return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ); @@ -2312,9 +2317,13 @@ static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len, quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1); + /* + * Record however much data we wrote + */ + *written = actual_written; + if (actual_written == len) { /* Managed to append everything on the first try. */ - *written = actual_written; return 1; } 
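Review bot: In ossl_quic_get_event_timeout the assignment to `deadline` is now conditional on `ctx.qc->started`, but the following `if (ossl_time_is_infinite(deadline))` reads it either way; unless the declaration (above the hunk, not visible) initialises it, an unstarted connection reads an indeterminate OSSL_TIME. Initialise it where it is declared, `OSSL_TIME deadline = ossl_time_infinite();`, or add `else deadline = ossl_time_infinite();` here so the not-started case is explicit rather than relying on the declaration.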
@@ -2338,7 +2347,14 @@ static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len, return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL); } - *written = args.total_written; + /* + * When waiting on extra buffer space to be available, args.total_written + * holds the amount of remaining data we requested to write, which will be + * something less than the len parameter passed in, however much we wrote + * here, add it to the value that we wrote when we initially called + * xso_sstream_append + */ + *written += args.total_written; return 1; } @@ -2469,6 +2485,11 @@ static int quic_write_nonblocking_epw(QCTX *ctx, const void *buf, size_t len, quic_post_write(xso, *written > 0, *written == len, flags, qctx_should_autotick(ctx)); + + if (*written == 0) + /* SSL_write_ex returns 0 if it didn't read anything. */ + return QUIC_RAISE_NORMAL_ERROR(ctx, SSL_ERROR_WANT_READ); + return 1; } @@ -2499,14 +2520,16 @@ static int quic_validate_for_write(QUIC_XSO *xso, int *err) /* FALLTHROUGH */ case QUIC_SSTREAM_STATE_SEND: case QUIC_SSTREAM_STATE_DATA_SENT: - case QUIC_SSTREAM_STATE_DATA_RECVD: if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) { *err = SSL_R_STREAM_FINISHED; return 0; } - return 1; + case QUIC_SSTREAM_STATE_DATA_RECVD: + *err = SSL_R_STREAM_FINISHED; + return 0; + case QUIC_SSTREAM_STATE_RESET_SENT: case QUIC_SSTREAM_STATE_RESET_RECVD: *err = SSL_R_STREAM_RESET; 
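Review bot: The comment added in quic_write_nonblocking_epw says `SSL_write_ex returns 0 if it didn't read anything`, but this is the write path; it should read `/* SSL_write_ex returns 0 if it didn't write anything. */`. The code raises SSL_ERROR_WANT_READ for a write that made no progress; if that mirrors the convention this file uses for non-blocking QUIC writes elsewhere, say so in the comment, since a reader would otherwise expect SSL_ERROR_WANT_WRITE.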
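Review bot: As rendered, the `return 1;` that ended the SEND/DATA_SENT arm of quic_validate_for_write is removed and nothing replaces it, so a stream in SEND or DATA_SENT state with no final size falls through into the new DATA_RECVD arm and fails with SSL_R_STREAM_FINISHED, which would reject every ordinary write. If the collapsed rendering merely dropped a retained `return 1;` context line, ignore this; otherwise the arm needs `return 1;` restored before `case QUIC_SSTREAM_STATE_DATA_RECVD:`. The function starts and ends outside the hunk.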
@@ -2524,10 +2547,19 @@ int ossl_quic_write_flags(SSL *s, const void *buf, size_t len, *written = 0; - if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx)) - return 0; + if (len == 0) { + /* Do not autocreate default XSO for zero-length writes. */ + if (!expect_quic(s, &ctx)) + return 0; - partial_write = ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0); + quic_lock_for_io(&ctx); + } else { + if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/1, &ctx)) + return 0; + } + + partial_write = ((ctx.xso != NULL) + ? ((ctx.xso->ssl_mode & SSL_MODE_ENABLE_PARTIAL_WRITE) != 0) : 0); if ((flags & ~SSL_WRITE_FLAG_CONCLUDE) != 0) { ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_UNSUPPORTED_WRITE_FLAG, NULL); @@ -2549,7 +2581,7 @@ int ossl_quic_write_flags(SSL *s, const void *buf, size_t len, } /* Ensure correct stream state, stream send part not concluded, etc. */ - if (!quic_validate_for_write(ctx.xso, &err)) { + if (len > 0 && !quic_validate_for_write(ctx.xso, &err)) { ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); goto out; } @@ -2753,7 +2785,7 @@ static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek * Wait until we get a stream initiated by the peer (blocking mode) or * fail if we don't have one yet (non-blocking mode). */ - if (!qc_wait_for_default_xso_for_read(&ctx)) { + if (!qc_wait_for_default_xso_for_read(&ctx, /*peek=*/0)) { ret = 0; /* error already raised here */ goto out; } 
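Review bot: With `len == 0` the new path in ossl_quic_write_flags takes `expect_quic` rather than the stream variant, so `ctx.xso` may be NULL from that point on; the hunk guards `partial_write` and the validation call, but the rest of the function (after the hunk) must likewise never touch `ctx.xso` unguarded, including the `SSL_WRITE_FLAG_CONCLUDE` handling, which for a zero-length write with no default stream presumably has nothing to conclude. A comment at the `len == 0` branch, `/* ctx.xso may be NULL for the rest of this function; every use must be guarded. */`, would make that invariant explicit for later edits.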
@@ -2840,30 +2872,38 @@ static size_t ossl_quic_pending_int(const SSL *s, int check_channel) { QCTX ctx; size_t avail = 0; - int fin = 0; - if (!expect_quic(s, &ctx)) return 0; quic_lock(ctx.qc); - if (ctx.xso == NULL) { - QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL); + if (!ctx.qc->started) goto out; + + if (ctx.xso == NULL) { + /* No XSO yet, but there might be a default XSO eligible to be created. */ + if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) { + ctx.xso = ctx.qc->default_xso; + } else { + QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_NO_STREAM, NULL); + goto out; + } } - if (ctx.xso->stream == NULL - || !ossl_quic_stream_has_recv_buffer(ctx.xso->stream)) { + if (ctx.xso->stream == NULL) { QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_INTERNAL_ERROR, NULL); goto out; } - if (!ossl_quic_rstream_available(ctx.xso->stream->rstream, &avail, &fin)) - avail = 0; - - if (avail == 0 && check_channel && ossl_quic_channel_has_pending(ctx.qc->ch)) - avail = 1; + if (check_channel) + avail = ossl_quic_stream_recv_pending(ctx.xso->stream, + /*include_fin=*/1) + || ossl_quic_channel_has_pending(ctx.qc->ch) + || ossl_quic_channel_is_term_any(ctx.qc->ch); + else + avail = ossl_quic_stream_recv_pending(ctx.xso->stream, + /*include_fin=*/0); out: quic_unlock(ctx.qc); @@ -4074,6 +4114,13 @@ int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick, quic_lock(ctx.qc); + if (!ctx.qc->started) { + /* We can only try to write on non-started connection. */ + if ((events & SSL_POLL_EVENT_W) != 0) + revents |= SSL_POLL_EVENT_W; + goto end; + } + if (do_tick) ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(ctx.qc->ch), 0); @@ -4123,6 +4170,7 @@ int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick, revents |= SSL_POLL_EVENT_OSU; } + end: quic_unlock(ctx.qc); *p_revents = revents; return 1; diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h index ff7f4719ab..d6518fd6b4 100644 --- a/ssl/quic/quic_local.h +++ b/ssl/quic/quic_local.h 
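Review bot: The new early `goto out` for `!ctx.qc->started` in ossl_quic_pending_int returns 0 without raising an error, unlike the other failure exits in the same function, and nothing says that this is deliberate. Suggest `/* Nothing can be pending before the connection is started; report 0 rather than an error. */` above it. Note also that the `check_channel` branch now yields a 0/1 value while the other branch yields whatever `ossl_quic_stream_recv_pending` returns; if that is a byte count the two branches differ in units, which is fine for SSL_has_pending versus SSL_pending but deserves a one-line comment.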
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c index f40d5855e3..c1a8463e5a 100644 --- a/ssl/quic/quic_port.c +++ b/ssl/quic/quic_port.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -273,7 +273,7 @@ int ossl_quic_port_set_net_wbio(QUIC_PORT *port, BIO *net_wbio) if (!port_update_poll_desc(port, net_wbio, /*for_write=*/1)) return 0; - LIST_FOREACH(ch, ch, &port->channel_list) + OSSL_LIST_FOREACH(ch, ch, &port->channel_list) ossl_qtx_set_bio(ch->qtx, net_wbio); port->net_wbio = net_wbio; @@ -290,7 +290,7 @@ static SSL *port_new_handshake_layer(QUIC_PORT *port) SSL *tls = NULL; SSL_CONNECTION *tls_conn = NULL; - tls = ossl_ssl_connection_new_int(port->channel_ctx, TLS_method()); + tls = ossl_ssl_connection_new_int(port->channel_ctx, NULL, TLS_method()); if (tls == NULL || (tls_conn = SSL_CONNECTION_FROM_SSL(tls)) == NULL) return NULL; @@ -373,7 +373,7 @@ void ossl_quic_port_subtick(QUIC_PORT *port, QUIC_TICK_RESULT *res, port_rx_pre(port); /* Iterate through all channels and service them. */ - LIST_FOREACH(ch, ch, &port->channel_list) { + OSSL_LIST_FOREACH(ch, ch, &port->channel_list) { QUIC_TICK_RESULT subr = {0}; ossl_quic_channel_subtick(ch, &subr, flags); 
@@ -603,7 +603,7 @@ void ossl_quic_port_raise_net_error(QUIC_PORT *port, if (triggering_ch != NULL) ossl_quic_channel_raise_net_error(triggering_ch); - LIST_FOREACH(ch, ch, &port->channel_list) + OSSL_LIST_FOREACH(ch, ch, &port->channel_list) if (ch != triggering_ch) ossl_quic_channel_raise_net_error(ch); } diff --git a/ssl/quic/quic_rcidm.c b/ssl/quic/quic_rcidm.c index 90a4b2c2ae..18f7e8096b 100644 --- a/ssl/quic/quic_rcidm.c +++ b/ssl/quic/quic_rcidm.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -310,7 +310,7 @@ void ossl_quic_rcidm_free(QUIC_RCIDM *rcidm) while ((rcid = ossl_pqueue_RCID_pop(rcidm->rcids)) != NULL) OPENSSL_free(rcid); - LIST_FOREACH_DELSAFE(rcid, rnext, retiring, &rcidm->retiring_list) + OSSL_LIST_FOREACH_DELSAFE(rcid, rnext, retiring, &rcidm->retiring_list) OPENSSL_free(rcid); ossl_pqueue_RCID_free(rcidm->rcids); diff --git a/ssl/quic/quic_record_rx.c b/ssl/quic/quic_record_rx.c index ef05997d0d..722b957a43 100644 --- a/ssl/quic/quic_record_rx.c +++ b/ssl/quic/quic_record_rx.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_record_tx.c b/ssl/quic/quic_record_tx.c index 8cc83d673d..3f3688f134 100644 --- a/ssl/quic/quic_record_tx.c +++ b/ssl/quic/quic_record_tx.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -842,15 +842,19 @@ int ossl_qtx_write_pkt(OSSL_QTX *qtx, const OSSL_QTX_PKT *pkt) if (!was_coalescing) { /* Set addresses in TXE. */ - if (pkt->peer != NULL) - txe->peer = *pkt->peer; - else + if (pkt->peer != NULL) { + if (!BIO_ADDR_copy(&txe->peer, pkt->peer)) + return 0; + } else { BIO_ADDR_clear(&txe->peer); + } - if (pkt->local != NULL) - txe->local = *pkt->local; - else + if (pkt->local != NULL) { + if (!BIO_ADDR_copy(&txe->local, pkt->local)) + return 0; + } else { BIO_ADDR_clear(&txe->local); + } } ret = qtx_mutate_write(qtx, pkt, txe, enc_level); diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c index 3059831063..58a8edf03c 100644 --- a/ssl/quic/quic_rx_depack.c +++ b/ssl/quic/quic_rx_depack.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_srtm.c b/ssl/quic/quic_srtm.c index dcb98ea60e..3d0bfd97c7 100644 --- a/ssl/quic/quic_srtm.c +++ b/ssl/quic/quic_srtm.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_stream_map.c b/ssl/quic/quic_stream_map.c index 89b97c0a6b..c836721f78 100644 --- a/ssl/quic/quic_stream_map.c +++ b/ssl/quic/quic_stream_map.c 
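Review bot: The two new `return 0` paths in ossl_qtx_write_pkt bail out with `txe` still held in whatever state it was acquired in before the hunk (the acquisition is not visible), whereas a later failure of `qtx_mutate_write` presumably goes through the function's normal cleanup. If the TXE was taken from a free list, a BIO_ADDR_copy failure here leaks it or leaves it half-initialised; route these through the same cleanup as the later failure rather than a bare return. A short comment on why BIO_ADDR_copy can fail (unsupported family) would also help.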
@@ -1,5 +1,5 @@ /* -* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +* Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_thread_assist.c b/ssl/quic/quic_thread_assist.c index ad49781c74..26c738cb5c 100644 --- a/ssl/quic/quic_thread_assist.c +++ b/ssl/quic/quic_thread_assist.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_tls.c b/ssl/quic/quic_tls.c index e193aae5cd..bd560c9a91 100644 --- a/ssl/quic/quic_tls.c +++ b/ssl/quic/quic_tls.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_trace.c b/ssl/quic/quic_trace.c index 5a6d79bf4b..9c433746f8 100644 --- a/ssl/quic/quic_trace.c +++ b/ssl/quic/quic_trace.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -79,20 +79,21 @@ static int frame_ack(BIO *bio, PACKET *pkt) OSSL_QUIC_ACK_RANGE *ack_ranges = NULL; uint64_t total_ranges = 0; uint64_t i; + int ret = 0; if (!ossl_quic_wire_peek_frame_ack_num_ranges(pkt, &total_ranges) /* In case sizeof(uint64_t) > sizeof(size_t) */ || total_ranges > SIZE_MAX / sizeof(ack_ranges[0]) || (ack_ranges = OPENSSL_zalloc(sizeof(ack_ranges[0]) * (size_t)total_ranges)) == NULL) - return 0; + return ret; ack.ack_ranges = ack_ranges; ack.num_ack_ranges = (size_t)total_ranges; /* Ack delay exponent is 0, so we can get the raw delay time below */ if (!ossl_quic_wire_decode_frame_ack(pkt, 0, &ack, NULL)) - return 0; + goto end; BIO_printf(bio, " Largest acked: %llu\n", (unsigned long long)ack.ack_ranges[0].end); @@ -112,8 +113,10 @@ static int frame_ack(BIO *bio, PACKET *pkt) - ack.ack_ranges[i].start)); } + ret = 1; +end: OPENSSL_free(ack_ranges); - return 1; + return ret; } static int frame_reset_stream(BIO *bio, PACKET *pkt) diff --git a/ssl/quic/quic_tserver.c b/ssl/quic/quic_tserver.c index 831d0463bd..4f30eb14ce 100644 --- a/ssl/quic/quic_tserver.c +++ b/ssl/quic/quic_tserver.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,7 +63,7 @@ static int alpn_select_cb(SSL *ssl, const unsigned char **out, if (srv->args.alpn == NULL) { alpn = alpndeflt; - alpnlen = sizeof(alpn); + alpnlen = sizeof(alpndeflt); } else { alpn = srv->args.alpn; alpnlen = srv->args.alpnlen; diff --git a/ssl/quic/quic_txp.c b/ssl/quic/quic_txp.c index da9fd2567d..8bc6a7d38e 100644 --- a/ssl/quic/quic_txp.c +++ b/ssl/quic/quic_txp.c 
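Review bot: `alpnlen = sizeof(alpndeflt)` in alpn_select_cb is correct only if `alpndeflt` is a plain byte array; if it is declared as a string literal, sizeof counts the terminating NUL and the ALPN list becomes one byte too long. The declaration is outside the hunk, so it is worth checking; a comment such as `/* alpndeflt is a length-prefixed byte array with no terminating NUL */` next to the assignment would pin the assumption down.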
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -613,8 +613,7 @@ int ossl_quic_tx_packetiser_set_peer(OSSL_QUIC_TX_PACKETISER *txp, return 1; } - txp->args.peer = *peer; - return 1; + return BIO_ADDR_copy(&txp->args.peer, peer); } void ossl_quic_tx_packetiser_set_ack_tx_cb(OSSL_QUIC_TX_PACKETISER *txp, @@ -1600,10 +1599,21 @@ static void on_regen_notify(uint64_t frame_type, uint64_t stream_id, } } +static int txp_need_ping(OSSL_QUIC_TX_PACKETISER *txp, + uint32_t pn_space, + const struct archetype_data *adata) +{ + return adata->allow_ping + && (adata->require_ack_eliciting + || (txp->force_ack_eliciting & (1UL << pn_space)) != 0); +} + static int txp_pkt_init(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp, uint32_t enc_level, uint32_t archetype, size_t running_total) { + uint32_t pn_space = ossl_quic_enc_level_to_pn_space(enc_level); + if (!txp_determine_geometry(txp, archetype, enc_level, running_total, &pkt->phdr, &pkt->geom)) return 0; @@ -1614,7 +1624,7 @@ static int txp_pkt_init(struct txp_pkt *pkt, OSSL_QUIC_TX_PACKETISER *txp, */ if (!tx_helper_init(&pkt->h, txp, enc_level, pkt->geom.cmppl, - pkt->geom.adata.require_ack_eliciting ? 1 : 0)) + txp_need_ping(txp, pn_space, &pkt->geom.adata) ? 1 : 0)) return 0; pkt->h_valid = 1; @@ -2215,6 +2225,7 @@ static int txp_generate_stream_frames(OSSL_QUIC_TX_PACKETISER *txp, rc = 1; goto err; } + chunks[i].shdr.stream_id = id; } for (i = 0;; ++i) { @@ -2328,7 +2339,6 @@ static int txp_generate_stream_frames(OSSL_QUIC_TX_PACKETISER *txp, if (wpkt == NULL) goto err; /* alloc error */ - shdr->stream_id = id; if (!ossl_assert(ossl_quic_wire_encode_frame_stream_hdr(wpkt, shdr))) { /* (Should not be possible.) */ tx_helper_rollback(h); 
@@ -2782,11 +2792,10 @@ static int txp_generate_for_el(OSSL_QUIC_TX_PACKETISER *txp, /* PING */ tx_helper_unrestrict(h); - if ((a.require_ack_eliciting - || (txp->force_ack_eliciting & (1UL << pn_space)) != 0) - && !have_ack_eliciting && a.allow_ping) { + if (!have_ack_eliciting && txp_need_ping(txp, pn_space, &a)) { WPACKET *wpkt; + assert(h->reserve > 0); wpkt = tx_helper_begin(h); if (wpkt == NULL) goto fatal_err; diff --git a/ssl/quic/quic_wire.c b/ssl/quic/quic_wire.c index cdcc276430..a7c7667797 100644 --- a/ssl/quic/quic_wire.c +++ b/ssl/quic/quic_wire.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/quic/quic_wire_pkt.c b/ssl/quic/quic_wire_pkt.c index acb926ad38..00f4afb7c0 100644 --- a/ssl/quic/quic_wire_pkt.c +++ b/ssl/quic/quic_wire_pkt.c @@ -887,7 +887,7 @@ int ossl_quic_calculate_retry_integrity_tag(OSSL_LIB_CTX *libctx, if (!WPACKET_get_total_written(&wpkt, &hdr_enc_len)) { ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); - return 0; + goto err; } /* Create and initialise cipher context. */ 
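Review bot: The bare `assert(h->reserve > 0);` added before the PING frame in txp_generate_for_el uses the C standard assert, which aborts the process in debug builds and disappears under NDEBUG; OpenSSL library code conventionally uses `ossl_assert` so the condition is still checked in release builds and failure becomes an error path. Replace with `if (!ossl_assert(h->reserve > 0)) goto fatal_err;`. Whether `<assert.h>` is even included in this file is not visible here.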
@@ -911,27 +911,27 @@ int ossl_quic_calculate_retry_integrity_tag(OSSL_LIB_CTX *libctx, /* Feed packet header as AAD data. */ if (EVP_CipherUpdate(cctx, NULL, &l, buf, hdr_enc_len) != 1) { ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); - return 0; + goto err; } /* Feed packet body as AAD data. */ if (EVP_CipherUpdate(cctx, NULL, &l, hdr->data, hdr->len - QUIC_RETRY_INTEGRITY_TAG_LEN) != 1) { ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); - return 0; + goto err; } /* Finalise and get tag. */ if (EVP_CipherFinal_ex(cctx, NULL, &l2) != 1) { ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); - return 0; + goto err; } if (EVP_CIPHER_CTX_ctrl(cctx, EVP_CTRL_AEAD_GET_TAG, QUIC_RETRY_INTEGRITY_TAG_LEN, tag) != 1) { ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); - return 0; + goto err; } ok = 1; diff --git a/ssl/record/methods/dtls_meth.c b/ssl/record/methods/dtls_meth.c index c9a4ee706e..a5e6c82341 100644 --- a/ssl/record/methods/dtls_meth.c +++ b/ssl/record/methods/dtls_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c index 6972a2fc88..33c7140e15 100644 --- a/ssl/record/methods/ktls_meth.c +++ b/ssl/record/methods/ktls_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h index 1267f81385..fe9dce1535 100644 --- a/ssl/record/methods/recmethod_local.h +++ b/ssl/record/methods/recmethod_local.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c index 6a41469f93..6b5a1bed23 100644 --- a/ssl/record/methods/ssl3_meth.c +++ b/ssl/record/methods/ssl3_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c index fff81d3d08..d782c327ec 100644 --- a/ssl/record/methods/tls13_meth.c +++ b/ssl/record/methods/tls13_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c index e522b81231..9275e19fbd 100644 --- a/ssl/record/methods/tls1_meth.c +++ b/ssl/record/methods/tls1_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index c2e21e6d54..961d74e1cc 100644 --- a/ssl/record/methods/tls_common.c 
+++ b/ssl/record/methods/tls_common.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -143,7 +143,7 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, size_t firstlen, size_t nextlen) { unsigned char *p; - size_t align = 0, headerlen; + size_t maxalign = 0, headerlen; TLS_BUFFER *wb; size_t currpipe; size_t defltlen = 0; @@ -160,10 +160,10 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, contenttypelen = 1; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 - align = SSL3_ALIGN_PAYLOAD - 1; + maxalign = SSL3_ALIGN_PAYLOAD - 1; #endif - defltlen = align + headerlen + rl->eivlen + rl->max_frag_len + defltlen = maxalign + headerlen + rl->eivlen + rl->max_frag_len + contenttypelen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; #ifndef OPENSSL_NO_COMP if (tls_allow_compression(rl)) @@ -175,7 +175,7 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, * always be 0 in these protocol versions */ if ((rl->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) == 0) - defltlen += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; + defltlen += headerlen + maxalign + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; } wb = rl->wbuf; @@ -229,7 +229,7 @@ static void tls_release_write_buffer(OSSL_RECORD_LAYER *rl) int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl) { unsigned char *p; - size_t len, align = 0, headerlen; + size_t len, maxalign = 0, headerlen; TLS_BUFFER *b; b = &rl->rbuf; 
@@ -240,12 +240,12 @@ int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl) headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 - align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); + maxalign = SSL3_ALIGN_PAYLOAD - 1; #endif if (b->buf == NULL) { len = rl->max_frag_len - + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; + + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + maxalign; #ifndef OPENSSL_NO_COMP if (tls_allow_compression(rl)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; @@ -283,6 +283,8 @@ static int tls_release_read_buffer(OSSL_RECORD_LAYER *rl) OPENSSL_cleanse(b->buf, b->len); OPENSSL_free(b->buf); b->buf = NULL; + rl->packet = NULL; + rl->packet_length = 0; return 1; } @@ -325,6 +327,12 @@ int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend, /* ... now we can act as if 'extend' was set */ } + if (!ossl_assert(rl->packet != NULL)) { + /* does not happen */ + RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return OSSL_RECORD_RETURN_FATAL; + } + len = rl->packet_length; pkt = rb->buf + align; /* @@ -2124,7 +2132,10 @@ int tls_free_buffers(OSSL_RECORD_LAYER *rl) /* Read direction */ /* If we have pending data to be read then fail */ - if (rl->curr_rec < rl->num_recs || TLS_BUFFER_get_left(&rl->rbuf) != 0) + if (rl->curr_rec < rl->num_recs + || rl->curr_rec != rl->num_released + || TLS_BUFFER_get_left(&rl->rbuf) != 0 + || rl->rstate == SSL_ST_READ_BODY) return 0; return tls_release_read_buffer(rl); diff --git a/ssl/record/methods/tlsany_meth.c b/ssl/record/methods/tlsany_meth.c index 4ca818f191..3f73f9ebdd 100644 --- a/ssl/record/methods/tlsany_meth.c +++ b/ssl/record/methods/tlsany_meth.c 
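Review bot: The new `ossl_assert(rl->packet != NULL)` in tls_default_read_n carries only `/* does not happen */`, which does not tell a reader what it protects against; the companion change in tls_release_read_buffer now nulls `rl->packet` when the buffer is freed, so the assert catches a read attempted after tls_free_buffers released the read buffer. Suggest `/* rl->packet is NULLed by tls_release_read_buffer(); reading after the buffer was freed is a caller bug. */`.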
@@ -1,5 +1,5 @@ /* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 7da65f2332..ee45f8117d 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 49c408aba4..55e19bd0cd 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1128,7 +1128,7 @@ static void rlayer_msg_callback_wrapper(int write_p, int version, size_t len, void *cbarg) { SSL_CONNECTION *s = cbarg; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); if (s->msg_callback != NULL) s->msg_callback(write_p, version, content_type, buf, len, ssl, @@ -1148,7 +1148,7 @@ static OSSL_FUNC_rlayer_padding_fn rlayer_padding_wrapper; static size_t rlayer_padding_wrapper(void *cbarg, int type, size_t len) { SSL_CONNECTION *s = cbarg; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); return s->rlayer.record_padding_cb(ssl, type, len, s->rlayer.record_padding_arg); 
diff --git a/ssl/record/record.h b/ssl/record/record.h index 85229d8bfa..9a076a1fb8 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/record_local.h b/ssl/record/record_local.h index e1485ad6c9..1acb588f8c 100644 --- a/ssl/record/record_local.h +++ b/ssl/record/record_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/rio/poll_immediate.c b/ssl/rio/poll_immediate.c index 66e613a7dc..663e4fd91b 100644 --- a/ssl/rio/poll_immediate.c +++ b/ssl/rio/poll_immediate.c @@ -12,6 +12,16 @@ #include #include "../ssl_local.h" +#if defined(_AIX) +/* + * Some versions of AIX define macros for events and revents for use when + * accessing pollfd structures (see Github issue #24236). That interferes + * with our use of these names here. We simply undef them. + */ +# undef revents +# undef events +#endif + #define ITEM_N(items, stride, n) \ (*(SSL_POLL_ITEM *)((char *)(items) + (n)*(stride))) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 9d4e16b0ac..878556b069 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d1497b115b..2bc5e79fd1 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -3685,13 +3685,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return tls1_set_sigalgs(sc->cert, parg, larg, 0); case SSL_CTRL_SET_SIGALGS_LIST: - return tls1_set_sigalgs_list(sc->cert, parg, 0); + return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 0); case SSL_CTRL_SET_CLIENT_SIGALGS: return tls1_set_sigalgs(sc->cert, parg, larg, 1); case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: - return tls1_set_sigalgs_list(sc->cert, parg, 1); + return tls1_set_sigalgs_list(s->ctx, sc->cert, parg, 1); case SSL_CTRL_GET_CLIENT_CERT_TYPES: { @@ -3968,13 +3968,13 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return tls1_set_sigalgs(ctx->cert, parg, larg, 0); case SSL_CTRL_SET_SIGALGS_LIST: - return tls1_set_sigalgs_list(ctx->cert, parg, 0); + return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 0); case SSL_CTRL_SET_CLIENT_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 1); case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: - return tls1_set_sigalgs_list(ctx->cert, parg, 1); + return tls1_set_sigalgs_list(ctx, ctx->cert, parg, 1); case SSL_CTRL_SET_CLIENT_CERT_TYPES: return ssl3_set_req_cert_type(ctx->cert, parg, larg); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index f11eb75827..9ce93695c9 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -267,7 +267,7 @@ void ssl_cert_free(CERT *c) if (c == NULL) return; CRYPTO_DOWN_REF(&c->references, &i); - REF_PRINT_COUNT("CERT", c); + REF_PRINT_COUNT("CERT", i, c); if (i > 0) return; REF_ASSERT_ISNT(i < 0); 
@@ -926,16 +926,17 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack, OSSL_STORE_CTX *ctx = NULL; X509 *x = NULL; X509_NAME *xn = NULL; + OSSL_STORE_INFO *info = NULL; if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL) goto err; while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) { - OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); - int infotype = info == 0 ? 0 : OSSL_STORE_INFO_get_type(info); + int infotype; - if (info == NULL) + if ((info = OSSL_STORE_load(ctx)) == NULL) continue; + infotype = OSSL_STORE_INFO_get_type(info); if (infotype == OSSL_STORE_INFO_NAME) { /* @@ -960,6 +961,7 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack, } OSSL_STORE_INFO_free(info); + info = NULL; } ERR_clear_error(); @@ -967,6 +969,7 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack, err: ok = 0; + OSSL_STORE_INFO_free(info); done: OSSL_STORE_close(ctx); @@ -1211,7 +1214,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other) { - return s->cert->sec_cb(SSL_CONNECTION_GET_SSL(s), NULL, op, bits, nid, + return s->cert->sec_cb(SSL_CONNECTION_GET_USER_SSL(s), NULL, op, bits, nid, other, s->cert->sec_ex); } @@ -1256,7 +1259,7 @@ const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx, } } /* check provider-loaded pk types */ - for (i = 0; ctx->sigalg_list_len; i++) { + for (i = 0; i < ctx->sigalg_list_len; i++) { SSL_CERT_LOOKUP *tmp_lu = &(ctx->ssl_cert_info[i]); if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid)) diff --git a/ssl/ssl_cert_comp.c b/ssl/ssl_cert_comp.c index 639610a5f7..4c7cdf2682 100644 --- a/ssl/ssl_cert_comp.c +++ b/ssl/ssl_cert_comp.c @@ -136,7 +136,7 @@ void OSSL_COMP_CERT_free(OSSL_COMP_CERT *cc) return; CRYPTO_DOWN_REF(&cc->references, &i); - REF_PRINT_COUNT("OSSL_COMP_CERT", cc); + REF_PRINT_COUNT("OSSL_COMP_CERT", i, cc); if (i > 0) return; REF_ASSERT_ISNT(i < 0); 
@@ -152,7 +152,7 @@ int OSSL_COMP_CERT_up_ref(OSSL_COMP_CERT *cc) if (CRYPTO_UP_REF(&cc->references, &i) <= 0) return 0; - REF_PRINT_COUNT("OSSL_COMP_CERT", cc); + REF_PRINT_COUNT("OSSL_COMP_CERT", i, cc); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index f92feeebae..ddde21b968 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index e8d319bc52..b303be9eb4 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -86,7 +86,9 @@ struct ssl_conf_ctx_st { /* Pointer to SSL or SSL_CTX options field or NULL if none */ uint64_t *poptions; /* Certificate filenames for each type */ - char *cert_filename[SSL_PKEY_NUM]; + char **cert_filename; + /* Number of elements in the cert_filename array */ + size_t num_cert_filename; /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */ uint32_t *pcert_flags; /* Pointer to SSL or SSL_CTX verify_mode or NULL if none */ 
@@ -451,12 +453,18 @@ static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) } } if (rv > 0 && c != NULL && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { - char **pfilename = &cctx->cert_filename[c->key - c->pkeys]; + size_t fileidx = c->key - c->pkeys; - OPENSSL_free(*pfilename); - *pfilename = OPENSSL_strdup(value); - if (*pfilename == NULL) + if (fileidx >= cctx->num_cert_filename) { rv = 0; + } else { + char **pfilename = &cctx->cert_filename[c->key - c->pkeys]; + + OPENSSL_free(*pfilename); + *pfilename = OPENSSL_strdup(value); + if (*pfilename == NULL) + rv = 0; + } } return rv > 0; @@ -1023,12 +1031,13 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) c = sc->cert; } if (c != NULL && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { - for (i = 0; i < SSL_PKEY_NUM; i++) { + for (i = 0; i < cctx->num_cert_filename; i++) { const char *p = cctx->cert_filename[i]; + /* * If missing private key try to load one from certificate file */ - if (p && !c->pkeys[i].privatekey) { + if (p != NULL && c->pkeys[i].privatekey == NULL) { if (!cmd_PrivateKey(cctx, p)) return 0; } @@ -1046,12 +1055,21 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) return 1; } +static void free_cert_filename(SSL_CONF_CTX *cctx) +{ + size_t i; + + for (i = 0; i < cctx->num_cert_filename; i++) + OPENSSL_free(cctx->cert_filename[i]); + OPENSSL_free(cctx->cert_filename); + cctx->cert_filename = NULL; + cctx->num_cert_filename = 0; +} + void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx) { if (cctx) { - size_t i; - for (i = 0; i < SSL_PKEY_NUM; i++) - OPENSSL_free(cctx->cert_filename[i]); + free_cert_filename(cctx); OPENSSL_free(cctx->prefix); sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); OPENSSL_free(cctx); @@ -1091,6 +1109,7 @@ void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl) { cctx->ssl = ssl; cctx->ctx = NULL; + free_cert_filename(cctx); if (ssl != NULL) { SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl); 
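Review bot: In cmd_Certificate the new bounds check introduces `fileidx`, but the following line re-derives the index with `&cctx->cert_filename[c->key - c->pkeys]`; using `&cctx->cert_filename[fileidx]` keeps the index that was checked and the index that is used the same expression. An out-of-range index (or a `cert_filename` that was never allocated, so `num_cert_filename` is 0) just sets `rv = 0` without any ERR_raise, so the caller sees a failed Certificate command with an empty error queue; an `ERR_raise(ERR_LIB_SSL, ...)` with a suitable reason before `rv = 0;` would make that diagnosable. The start of the function, including how `c` and `rv` are established, is outside the hunk.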
@@ -1101,6 +1120,10 @@ void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl) cctx->max_version = &sc->max_proto_version; cctx->pcert_flags = &sc->cert->cert_flags; cctx->pvfy_flags = &sc->verify_mode; + cctx->cert_filename = OPENSSL_zalloc(sc->ssl_pkey_num + * sizeof(*cctx->cert_filename)); + if (cctx->cert_filename != NULL) + cctx->num_cert_filename = sc->ssl_pkey_num; } else { cctx->poptions = NULL; cctx->min_version = NULL; @@ -1114,12 +1137,17 @@ void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx) { cctx->ctx = ctx; cctx->ssl = NULL; + free_cert_filename(cctx); if (ctx) { cctx->poptions = &ctx->options; cctx->min_version = &ctx->min_proto_version; cctx->max_version = &ctx->max_proto_version; cctx->pcert_flags = &ctx->cert->cert_flags; cctx->pvfy_flags = &ctx->verify_mode; + cctx->cert_filename = OPENSSL_zalloc((SSL_PKEY_NUM + ctx->sigalg_list_len) + * sizeof(*cctx->cert_filename)); + if (cctx->cert_filename != NULL) + cctx->num_cert_filename = SSL_PKEY_NUM + ctx->sigalg_list_len; } else { cctx->poptions = NULL; cctx->min_version = NULL; diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index a1da9fde39..f5fb4107f6 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -498,6 +498,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "tlsv1 alert insufficient security"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL), + "tlsv1 alert no application protocol"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), 
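Review bot: SSL_CONF_CTX_set_ssl and SSL_CONF_CTX_set_ssl_ctx are void, so when the new OPENSSL_zalloc of `cert_filename` fails the failure is silent: `num_cert_filename` stays 0 and the only symptom is a later cmd_Certificate returning 0 for every certificate once SSL_CONF_FLAG_REQUIRE_PRIVATE is set. Since these are public API and the signatures cannot change, the behaviour should at least be documented at the allocation, e.g. `/* On allocation failure num_cert_filename stays 0 and cmd_Certificate will fail under SSL_CONF_FLAG_REQUIRE_PRIVATE */`. Whether OPENSSL_zalloc records an error on failure is not visible here; if it does not, raising one at this point would help diagnosis.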
@@ -506,6 +508,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "tlsv1 alert record overflow"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY), + "tlsv1 alert unknown psk identity"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ecd105d35d..f5ec7580b8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -720,7 +720,8 @@ int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, const SSL_METHOD *method, int type) return 1; } -SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method) +SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, SSL *user_ssl, + const SSL_METHOD *method) { SSL_CONNECTION *s; SSL *ssl; @@ -730,6 +731,8 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method) return NULL; ssl = &s->ssl; + s->user_ssl = (user_ssl == NULL) ? ssl : user_ssl; + if (!ossl_ssl_init(ssl, ctx, method, SSL_TYPE_SSL_CONNECTION)) { OPENSSL_free(s); s = NULL; @@ -924,7 +927,7 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method) SSL *ossl_ssl_connection_new(SSL_CTX *ctx) { - return ossl_ssl_connection_new_int(ctx, ctx->method); + return ossl_ssl_connection_new_int(ctx, NULL, ctx->method); } int SSL_is_dtls(const SSL *s) @@ -973,7 +976,7 @@ int SSL_up_ref(SSL *s) if (CRYPTO_UP_REF(&s->references, &i) <= 0) return 0; - REF_PRINT_COUNT("SSL", s); + REF_PRINT_COUNT("SSL", i, s); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } 
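Review bot: The new `ctx->method->num_ciphers() > 0` guard in SSL_CTX_set_cipher_list is unexplained; from the hunk alone a reader cannot tell why a method reporting no ciphers should skip the SSL_R_NO_CIPHER_MATCH check instead of failing. A one-line comment such as `/* A method with no TLSv1.2 ciphers cannot match any; only enforce the check when it has some */` would capture the intent, presuming that is the reason — please confirm. SSL_set_cipher_list in the following hunk has the same guard and should carry the same comment rather than pointing back with "see comment in SSL_CTX_set_cipher_list".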
@@ -1376,7 +1379,7 @@ void SSL_free(SSL *s) if (s == NULL) return; CRYPTO_DOWN_REF(&s->references, &i); - REF_PRINT_COUNT("SSL", s); + REF_PRINT_COUNT("SSL", i, s); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -3061,7 +3064,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return tls1_set_groups_list(ctx, NULL, NULL, parg); case SSL_CTRL_SET_SIGALGS_LIST: case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: - return tls1_set_sigalgs_list(NULL, parg, 0); + return tls1_set_sigalgs_list(ctx, NULL, parg, 0); default: return 0; } @@ -3337,7 +3340,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) */ if (sk == NULL) return 0; - else if (cipher_list_tls12_num(sk) == 0) { + if (ctx->method->num_ciphers() > 0 && cipher_list_tls12_num(sk) == 0) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); return 0; } @@ -3349,17 +3352,19 @@ int SSL_set_cipher_list(SSL *s, const char *str) { STACK_OF(SSL_CIPHER) *sk; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + SSL_CTX *ctx; if (sc == NULL) return 0; - sk = ssl_create_cipher_list(s->ctx, sc->tls13_ciphersuites, + ctx = s->ctx; + sk = ssl_create_cipher_list(ctx, sc->tls13_ciphersuites, &sc->cipher_list, &sc->cipher_list_by_id, str, sc->cert); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; - else if (cipher_list_tls12_num(sk) == 0) { + if (ctx->method->num_ciphers() > 0 && cipher_list_tls12_num(sk) == 0) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); return 0; } 
@@ -3530,37 +3535,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, unsigned int server_len, const unsigned char *client, unsigned int client_len) { - unsigned int i, j; - const unsigned char *result; - int status = OPENSSL_NPN_UNSUPPORTED; + PACKET cpkt, csubpkt, spkt, ssubpkt; + + if (!PACKET_buf_init(&cpkt, client, client_len) + || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) + || PACKET_remaining(&csubpkt) == 0) { + *out = NULL; + *outlen = 0; + return OPENSSL_NPN_NO_OVERLAP; + } + + /* + * Set the default opportunistic protocol. Will be overwritten if we find + * a match. + */ + *out = (unsigned char *)PACKET_data(&csubpkt); + *outlen = (unsigned char)PACKET_remaining(&csubpkt); /* * For each protocol in server preference order, see if we support it. */ - for (i = 0; i < server_len;) { - for (j = 0; j < client_len;) { - if (server[i] == client[j] && - memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { - /* We found a match */ - result = &server[i]; - status = OPENSSL_NPN_NEGOTIATED; - goto found; + if (PACKET_buf_init(&spkt, server, server_len)) { + while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) { + if (PACKET_remaining(&ssubpkt) == 0) + continue; /* Invalid - ignore it */ + if (PACKET_buf_init(&cpkt, client, client_len)) { + while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) { + if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt), + PACKET_remaining(&ssubpkt))) { + /* We found a match */ + *out = (unsigned char *)PACKET_data(&ssubpkt); + *outlen = (unsigned char)PACKET_remaining(&ssubpkt); + return OPENSSL_NPN_NEGOTIATED; + } + } + /* Ignore spurious trailing bytes in the client list */ + } else { + /* This should never happen */ + return OPENSSL_NPN_NO_OVERLAP; } - j += client[j]; - j++; } - i += server[i]; - i++; + /* Ignore spurious trailing bytes in the server list */ } - /* There's no overlap between our protocols and the server's list. 
*/ - result = client; - status = OPENSSL_NPN_NO_OVERLAP; - - found: - *out = (unsigned char *)result + 1; - *outlen = result[0]; - return status; + /* + * There's no overlap between our protocols and the server's list. We use + * the default opportunistic protocol selected earlier + */ + return OPENSSL_NPN_NO_OVERLAP; } #ifndef OPENSSL_NO_NEXTPROTONEG @@ -4111,7 +4133,7 @@ int SSL_CTX_up_ref(SSL_CTX *ctx) if (CRYPTO_UP_REF(&ctx->references, &i) <= 0) return 0; - REF_PRINT_COUNT("SSL_CTX", ctx); + REF_PRINT_COUNT("SSL_CTX", i, ctx); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } @@ -4125,7 +4147,7 @@ void SSL_CTX_free(SSL_CTX *a) return; CRYPTO_DOWN_REF(&a->references, &i); - REF_PRINT_COUNT("SSL_CTX", a); + REF_PRINT_COUNT("SSL_CTX", i, a); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -4472,9 +4494,10 @@ void ssl_update_cache(SSL_CONNECTION *s, int mode) /* * If the session_id_length is 0, we are not supposed to cache it, and it - * would be rather hard to do anyway :-) + * would be rather hard to do anyway :-). Also if the session has already + * been marked as not_resumable we should not cache it for later reuse. */ - if (s->session->session_id_length == 0) + if (s->session->session_id_length == 0 || s->session->not_resumable) return; /* @@ -4520,7 +4543,7 @@ void ssl_update_cache(SSL_CONNECTION *s, int mode) */ if (s->session_ctx->new_session_cb != NULL) { SSL_SESSION_up_ref(s->session); - if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_SSL(s), + if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_USER_SSL(s), s->session)) SSL_SESSION_free(s->session); } @@ -6732,7 +6755,7 @@ static int nss_keylog_int(const char *prefix, } *cursor = '\0'; - sctx->keylog_callback(SSL_CONNECTION_GET_SSL(sc), (const char *)out); + sctx->keylog_callback(SSL_CONNECTION_GET_USER_SSL(sc), (const char *)out); OPENSSL_clear_free(out, out_len); return 1; 
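Review bot: The rewritten SSL_select_next_proto can now return OPENSSL_NPN_NO_OVERLAP with `*out == NULL` and `*outlen == 0` (empty or malformed client list), whereas the removed code always pointed `*out` at the first client entry; callers relying on the legacy "no overlap means use the first client protocol" idiom must now check `*outlen` before touching `*out`. The tls_parse_stoc_npn caller in this commit does check `selected_len == 0`, but the function's own header comment should state the contract, e.g. `/* On OPENSSL_NPN_NO_OVERLAP *out is the first client protocol, or NULL with *outlen == 0 if the client list is empty or invalid; *out aliases the caller's buffers and must not be freed */`. The `(unsigned char)` casts of PACKET_remaining are only safe because both sub-packets come from PACKET_get_length_prefixed_1 and so hold at most 255 bytes; a comment saying so would stop someone "fixing" the cast later.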
@@ -6780,7 +6803,7 @@ int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, int sslv2form n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; if (PACKET_remaining(cipher_suites) == 0) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_NO_CIPHERS_SPECIFIED); return 0; } diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index cae0c1202b..11711218b6 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -532,7 +532,6 @@ struct ssl_session_st { * certificate is not ok, we must remember the error for session reuse: */ long verify_result; /* only for servers */ - CRYPTO_REF_COUNT references; OSSL_TIME timeout; OSSL_TIME time; OSSL_TIME calc_timeout; @@ -542,11 +541,6 @@ struct ssl_session_st { * load the 'cipher' structure */ unsigned int kex_group; /* TLS group from key exchange */ CRYPTO_EX_DATA ex_data; /* application specific data */ - /* - * These are used to make removal of session-ids more efficient and to - * implement a maximum cache size. - */ - struct ssl_session_st *prev, *next; struct { char *hostname; @@ -576,6 +570,13 @@ struct ssl_session_st { size_t ticket_appdata_len; uint32_t flags; SSL_CTX *owner; + + /* + * These are used to make removal of session-ids more efficient and to + * implement a maximum cache size. Access requires protection of ctx->lock. + */ + struct ssl_session_st *prev, *next; + CRYPTO_REF_COUNT references; }; /* Extended master secret support */ 
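Review bot: The new comment on `prev`, `next` and `references` in struct ssl_session_st says they need ctx->lock but not that their position is load-bearing: ssl_session_dup_intern in this commit copies `offsetof(SSL_SESSION, prev)` bytes, so any member added after `prev` will silently not be duplicated. I'd add `/* Keep these as the last members: ssl_session_dup_intern() copies only up to offsetof(SSL_SESSION, prev) */` so future additions land above them. The rest of the struct is outside the hunk.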
@@ -1215,6 +1216,13 @@ struct ssl_st { struct ssl_connection_st { /* type identifier and common data */ struct ssl_st ssl; + + /* + * The actual end user's SSL object. Could be different to this one for + * QUIC + */ + SSL *user_ssl; + /* * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, * DTLS1_VERSION) @@ -1822,6 +1830,7 @@ struct ssl_connection_st { SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, const) # define SSL_CONNECTION_GET_CTX(sc) ((sc)->ssl.ctx) # define SSL_CONNECTION_GET_SSL(sc) (&(sc)->ssl) +# define SSL_CONNECTION_GET_USER_SSL(sc) ((sc)->user_ssl) # ifndef OPENSSL_NO_QUIC # include "quic/quic_local.h" # define SSL_CONNECTION_FROM_SSL_int(ssl, c) \ @@ -2461,7 +2470,8 @@ static ossl_inline void tls1_get_peer_groups(SSL_CONNECTION *s, __owur int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, const SSL_METHOD *method, int type); -__owur SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method); +__owur SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, SSL *user_ssl, + const SSL_METHOD *method); __owur SSL *ossl_ssl_connection_new(SSL_CTX *ctx); void ossl_ssl_connection_free(SSL *ssl); __owur int ossl_ssl_connection_reset(SSL *ssl); @@ -2801,7 +2811,7 @@ __owur int tls_use_ticket(SSL_CONNECTION *s); void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op); -__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); +__owur int tls1_set_sigalgs_list(SSL_CTX *ctx, CERT *c, const char *str, int client); __owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, int client); __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index c6190b92d2..29fa05cd58 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
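Review bot: The new `user_ssl` member is a bare pointer stored by ossl_ssl_connection_new_int with no reference taken, yet it is now what every application callback (msg, servername, keylog, session, custom extension) receives in place of the connection's own SSL, so the struct comment should state the ownership rule. Suggest extending it to `/* The actual end user's SSL object. Could be different to this one for QUIC. Not reference-counted: the owner must outlive this SSL_CONNECTION. */`. That the QUIC layer actually provides this lifetime guarantee is not visible here — confirm before relying on the comment.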
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -109,6 +109,7 @@ SSL_SESSION *SSL_SESSION_new(void) if (ss == NULL) return NULL; + ss->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_UNSPECIFIED; ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ /* 5 minute timeout by default */ ss->timeout = ossl_seconds2time(60 * 5 + 4); @@ -127,23 +128,23 @@ SSL_SESSION *SSL_SESSION_new(void) return ss; } -SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) -{ - return ssl_session_dup(src, 1); -} - /* * Create a new SSL_SESSION and duplicate the contents of |src| into it. If * ticket == 0 then no ticket information is duplicated, otherwise it is. */ -SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) +static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) { SSL_SESSION *dest; dest = OPENSSL_malloc(sizeof(*dest)); if (dest == NULL) return NULL; - memcpy(dest, src, sizeof(*dest)); + + /* + * src is logically read-only but the prev/next pointers are not, they are + * part of the session cache and can be modified concurrently. + */ + memcpy(dest, src, offsetof(SSL_SESSION, prev)); /* * Set the various pointers to NULL so that we can call SSL_SESSION_free in 
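Review bot: After `memcpy(dest, src, offsetof(SSL_SESSION, prev))` the tail members `prev`, `next` and `references` of `dest` are uninitialised, because `dest` comes from OPENSSL_malloc rather than OPENSSL_zalloc; the part of ssl_session_dup_intern that must set them before any error path calls SSL_SESSION_free(dest) lies outside the hunk. Either use `dest = OPENSSL_zalloc(sizeof(*dest));` or add `dest->prev = dest->next = NULL;` immediately after the memcpy so the copy is never in a state where the cache links hold garbage. The reference count presumably gets its own initialisation further down — confirm it happens before the first `goto err`.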
@@ -265,6 +266,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) return NULL; } +SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) +{ + return ssl_session_dup_intern(src, 1); +} + +/* + * Used internally when duplicating a session which might be already shared. + * We will have resumed the original session. Subsequently we might have marked + * it as non-resumable (e.g. in another thread) - but this copy should be ok to + * resume from. + */ +SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) +{ + SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); + + if (sess != NULL) + sess->not_resumable = 0; + + return sess; +} + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { if (len) @@ -499,10 +521,16 @@ SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s, if (ret == NULL && s->session_ctx->get_session_cb != NULL) { int copy = 1; - ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s), + ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_USER_SSL(s), sess_id, sess_id_len, ©); if (ret != NULL) { + if (ret->not_resumable) { + /* If its not resumable then ignore this session */ + if (!copy) + SSL_SESSION_free(ret); + return NULL; + } ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_cb_hit); @@ -815,7 +843,7 @@ void SSL_SESSION_free(SSL_SESSION *ss) if (ss == NULL) return; CRYPTO_DOWN_REF(&ss->references, &i); - REF_PRINT_COUNT("SSL_SESSION", ss); + REF_PRINT_COUNT("SSL_SESSION", i, ss); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -849,7 +877,7 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss) if (CRYPTO_UP_REF(&ss->references, &i) <= 0) return 0; - REF_PRINT_COUNT("SSL_SESSION", ss); + REF_PRINT_COUNT("SSL_SESSION", i, ss); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } 
@@ -885,8 +913,9 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, return 0; } s->session_id_length = sid_len; - if (sid != s->session_id) + if (sid != s->session_id && sid_len > 0) memcpy(s->session_id, sid, sid_len); + return 1; } diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 0a64ca2246..c35c2ccd33 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -691,7 +691,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, thisex->type = type; thisex->received_order = i++; if (s->ext.debug_cb) - s->ext.debug_cb(SSL_CONNECTION_GET_SSL(s), !s->server, + s->ext.debug_cb(SSL_CONNECTION_GET_USER_SSL(s), !s->server, thisex->type, PACKET_data(&thisex->data), PACKET_remaining(&thisex->data), s->ext.debug_arg); @@ -989,6 +989,7 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) int ret = SSL_TLSEXT_ERR_NOACK; int altmp = SSL_AD_UNRECOGNIZED_NAME; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); int was_ticket = (SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0; 
@@ -998,11 +999,11 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) } if (sctx->ext.servername_cb != NULL) - ret = sctx->ext.servername_cb(ssl, &altmp, + ret = sctx->ext.servername_cb(ussl, &altmp, sctx->ext.servername_arg); else if (s->session_ctx->ext.servername_cb != NULL) - ret = s->session_ctx->ext.servername_cb(ssl, &altmp, - s->session_ctx->ext.servername_arg); + ret = s->session_ctx->ext.servername_cb(ussl, &altmp, + s->session_ctx->ext.servername_arg); /* * For servers, propagate the SNI hostname from the temporary @@ -1722,8 +1723,8 @@ static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent) || !s->ext.early_data_ok || s->hello_retry_request != SSL_HRR_NONE || (s->allow_early_data_cb != NULL - && !s->allow_early_data_cb(SSL_CONNECTION_GET_SSL(s), - s->allow_early_data_cb_data))) { + && !s->allow_early_data_cb(SSL_CONNECTION_GET_USER_SSL(s), + s->allow_early_data_cb_data))) { s->ext.early_data = SSL_EARLY_DATA_REJECTED; } else { s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; @@ -1741,15 +1742,9 @@ static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent) static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context, int sent) { - /* - * Session resumption on server-side with MFL extension active - * BUT MFL extension packet was not resent (i.e. sent == 0) - */ - if (s->server && s->hit && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) - && !sent ) { - SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_R_BAD_EXTENSION); - return 0; - } + /* MaxFragmentLength defaults to disabled */ + if (s->session->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_UNSPECIFIED) + s->session->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_DISABLED; if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) { s->rlayer.rrlmethod->set_max_frag_len(s->rlayer.rrl, diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 381a6c9d7b..760de23563 100644 
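Review bot: The new lines in final_maxfragmentlen dereference `s->session->ext.max_fragment_len_mode` unconditionally, while the very next unchanged line guards with `s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)`; either that NULL check is dead or the new code can crash on a NULL session. Move the defaulting under the guard: `if (s->session != NULL && s->session->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_UNSPECIFIED) s->session->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_DISABLED;`. The removed block was also the only place that insisted a resumed session with MFL see the extension re-sent; if dropping that is intentional, a short comment saying the session's stored mode now wins would help future readers. The function's body continues past the hunk.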
--- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -757,13 +757,13 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, SSL_SESSION *psksess = NULL; SSL_SESSION *edsess = NULL; const EVP_MD *handmd = NULL; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if (s->hello_retry_request == SSL_HRR_PENDING) handmd = ssl_handshake_md(s); if (s->psk_use_session_cb != NULL - && (!s->psk_use_session_cb(ssl, handmd, &id, &idlen, &psksess) + && (!s->psk_use_session_cb(ussl, handmd, &id, &idlen, &psksess) || (psksess != NULL && psksess->ssl_version != TLS1_3_VERSION))) { SSL_SESSION_free(psksess); @@ -777,7 +777,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, size_t psklen = 0; memset(identity, 0, sizeof(identity)); - psklen = s->psk_client_callback(ssl, NULL, + psklen = s->psk_client_callback(ussl, NULL, identity, sizeof(identity) - 1, psk, sizeof(psk)); @@ -799,7 +799,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, * We found a PSK using an old style callback. We don't know * the digest so we default to SHA256 as per the TLSv1.3 spec */ - cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); + cipher = SSL_CIPHER_find(SSL_CONNECTION_GET_SSL(s), + tls13_aes128gcmsha256_id); if (cipher == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; 
@@ -1383,7 +1384,7 @@ int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); if (s->ext.session_ticket_cb != NULL && !s->ext.session_ticket_cb(ssl, PACKET_data(pkt), @@ -1557,11 +1558,11 @@ int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, /* SSLfatal() already called */ return 0; } - if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_SSL(s), + if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_USER_SSL(s), &selected, &selected_len, PACKET_data(pkt), PACKET_remaining(pkt), - sctx->ext.npn_select_cb_arg) != - SSL_TLSEXT_ERR_OK) { + sctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK + || selected_len == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); return 0; } @@ -1590,6 +1591,8 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { size_t len; + PACKET confpkt, protpkt; + int valid = 0; /* We must have requested it. */ if (!s->s3.alpn_sent) { @@ -1608,6 +1611,28 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); return 0; } + + /* It must be a protocol that we sent */ + if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; + } + while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) { + if (PACKET_remaining(&protpkt) != len) + continue; + if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) { + /* Valid protocol found */ + valid = 1; + break; + } + } + + if (!valid) { + /* The protocol sent from the server does not match one we advertised */ + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); + return 0; + } + OPENSSL_free(s->s3.alpn_selected); s->s3.alpn_selected = OPENSSL_malloc(len); if (s->s3.alpn_selected == NULL) { 
diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c index fd840e8918..4757ee65bf 100644 --- a/ssl/statem/extensions_cust.c +++ b/ssl/statem/extensions_cust.c @@ -158,7 +158,7 @@ int custom_ext_parse(SSL_CONNECTION *s, unsigned int context, if (meth->parse_cb == NULL) return 1; - if (meth->parse_cb(SSL_CONNECTION_GET_SSL(s), ext_type, context, ext_data, + if (meth->parse_cb(SSL_CONNECTION_GET_USER_SSL(s), ext_type, context, ext_data, ext_size, x, chainidx, &al, meth->parse_arg) <= 0) { SSLfatal(s, al, SSL_R_BAD_EXTENSION); return 0; @@ -207,7 +207,7 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, continue; if (meth->add_cb != NULL) { - int cb_retval = meth->add_cb(SSL_CONNECTION_GET_SSL(s), + int cb_retval = meth->add_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, context, &out, &outlen, x, chainidx, &al, meth->add_arg); @@ -226,8 +226,8 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) || !WPACKET_close(pkt)) { if (meth->free_cb != NULL) - meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context, - out, meth->add_arg); + meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, + context, out, meth->add_arg); if (!for_comp) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -238,7 +238,7 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, */ if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) { if (meth->free_cb != NULL) - meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, + meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, context, out, meth->add_arg); if (!for_comp) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 
@@ -252,8 +252,8 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, meth->ext_flags |= SSL_EXT_FLAG_SENT; } if (meth->free_cb != NULL) - meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context, - out, meth->add_arg); + meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, + context, out, meth->add_arg); } return 1; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 21db977c88..c0f55e277c 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -192,21 +192,26 @@ int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, } /* - * RFC 6066: The negotiated length applies for the duration of the session + * When doing a full handshake or a renegotiation max_fragment_len_mode will + * be TLSEXT_max_fragment_length_UNSPECIFIED + * + * In case of a resumption max_fragment_len_mode will be one of + * TLSEXT_max_fragment_length_DISABLED, TLSEXT_max_fragment_length_512, + * TLSEXT_max_fragment_length_1024, TLSEXT_max_fragment_length_2048. + * TLSEXT_max_fragment_length_4096 + * + * RFC 6066: The negotiated length applies for the duration of the session * including session resumptions. - * We should receive the same code as in resumed session ! + * + * So we only set the value in case it is unspecified. */ - if (s->hit && s->session->ext.max_fragment_len_mode != value) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); - return 0; - } + if (s->session->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_UNSPECIFIED) + /* + * Store it in session, so it'll become binding for us + * and we'll include it in a next Server Hello. + */ + s->session->ext.max_fragment_len_mode = value; - /* - * Store it in session, so it'll become binding for us - * and we'll include it in a next Server Hello. - */ - s->session->ext.max_fragment_len_mode = value; return 1; } @@ -260,7 +265,7 @@ int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt, X509 *x, size_t chainidx) { if (s->ext.session_ticket_cb && - !s->ext.session_ticket_cb(SSL_CONNECTION_GET_SSL(s), + !s->ext.session_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s), PACKET_data(pkt), PACKET_remaining(pkt), s->ext.session_ticket_cb_arg)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 
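Review bot: The new `if` in tls_parse_ctos_maxfragmentlen has a four-line comment between the condition and its single brace-less statement, which is easy to misread and easy to break on the next edit; wrap the statement in braces or move the comment above the `if`. The comment block explains when the mode is UNSPECIFIED but not what now happens when a resuming client sends a value that differs from the stored one: the removed SSL_AD_ILLEGAL_PARAMETER path is gone and the client's value is silently ignored, so the stored mode is what the session keeps. Add a sentence such as `A differing value on resumption is ignored; the session's stored mode stays in force.` so the relaxed behaviour is recorded next to the code. The function's start is outside the hunk.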
@@ -847,7 +852,7 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } /* Verify the app cookie */ - if (sctx->verify_stateless_cookie_cb(ssl, + if (sctx->verify_stateless_cookie_cb(SSL_CONNECTION_GET_USER_SSL(s), PACKET_data(&appcookie), PACKET_remaining(&appcookie)) == 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); @@ -1025,7 +1030,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, unsigned int id, i, ext = 0; const EVP_MD *md = NULL; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); /* * If we have no PSK kex mode that we recognise then we can't resume so @@ -1054,7 +1059,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, idlen = PACKET_remaining(&identity); if (s->psk_find_session_cb != NULL - && !s->psk_find_session_cb(ssl, PACKET_data(&identity), idlen, + && !s->psk_find_session_cb(ussl, PACKET_data(&identity), idlen, &sess)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION); return 0; @@ -1072,7 +1077,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - pskdatalen = s->psk_server_callback(ssl, pskid, pskdata, + pskdatalen = s->psk_server_callback(ussl, pskid, pskdata, sizeof(pskdata)); OPENSSL_free(pskid); if (pskdatalen > PSK_MAX_PSK_LEN) { @@ -1086,7 +1091,8 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, * We found a PSK using an old style callback. We don't know * the digest so we default to SHA256 as per the TLSv1.3 spec */ - cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); + cipher = SSL_CIPHER_find(SSL_CONNECTION_GET_SSL(s), + tls13_aes128gcmsha256_id); if (cipher == NULL) { OPENSSL_cleanse(pskdata, pskdatalen); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 
@@ -1115,7 +1121,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, if (sesstmp == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; + goto err; } SSL_SESSION_free(sess); sess = sesstmp; @@ -1502,8 +1508,8 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, if (!npn_seen || sctx->ext.npn_advertised_cb == NULL) return EXT_RETURN_NOT_SENT; - ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_SSL(s), &npa, &npalen, - sctx->ext.npn_advertised_cb_arg); + ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_USER_SSL(s), &npa, + &npalen, sctx->ext.npn_advertised_cb_arg); if (ret == SSL_TLSEXT_ERR_OK) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { @@ -1511,9 +1517,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_FAIL; } s->s3.npn_seen = 1; + return EXT_RETURN_SENT; } - return EXT_RETURN_SENT; + return EXT_RETURN_NOT_SENT; } #endif @@ -1775,6 +1782,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, int ret = EXT_RETURN_FAIL; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return EXT_RETURN_NOT_SENT; @@ -1824,7 +1832,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, } /* Generate the application cookie */ - if (sctx->gen_stateless_cookie_cb(ssl, appcookie1, + if (sctx->gen_stateless_cookie_cb(ussl, appcookie1, &appcookielen) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); return EXT_RETURN_FAIL; diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 921d7cfb1e..517f1a60fa 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c 
@@ -357,6 +357,7 @@ static int state_machine(SSL_CONNECTION *s, int server) int ret = -1; int ssret; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if (st->state == MSG_FLOW_ERROR) { /* Shouldn't have been called if we're already in the error state */ @@ -399,7 +400,7 @@ static int state_machine(SSL_CONNECTION *s, int server) s->server = server; if (cb != NULL) { if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_CONNECTION_IS_TLS13(s)) - cb(ssl, SSL_CB_HANDSHAKE_START, 1); + cb(ussl, SSL_CB_HANDSHAKE_START, 1); } /* @@ -521,9 +522,9 @@ static int state_machine(SSL_CONNECTION *s, int server) BUF_MEM_free(buf); if (cb != NULL) { if (server) - cb(ssl, SSL_CB_ACCEPT_EXIT, ret); + cb(ussl, SSL_CB_ACCEPT_EXIT, ret); else - cb(ssl, SSL_CB_CONNECT_EXIT, ret); + cb(ussl, SSL_CB_CONNECT_EXIT, ret); } return ret; } @@ -590,7 +591,7 @@ static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s) WORK_STATE(*post_process_message) (SSL_CONNECTION *s, WORK_STATE wst); size_t (*max_message_size) (SSL_CONNECTION *s); void (*cb) (const SSL *ssl, int type, int val) = NULL; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); cb = get_callback(s); @@ -813,7 +814,7 @@ static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s) CON_FUNC_RETURN (*confunc) (SSL_CONNECTION *s, WPACKET *pkt); int mt; WPACKET pkt; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); cb = get_callback(s); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 2233dd8f48..709ceebbc9 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
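Review bot: read_state_machine and write_state_machine redefine the existing `ssl` local as `SSL_CONNECTION_GET_USER_SSL(s)` instead of adding a separate `ussl` as state_machine does in the first hunk of this file, so every other use of `ssl` in those bodies (outside the hunk) now receives the user-facing object too. That is fine if the only remaining uses are callback arguments, but the same commit has to special-case `SSL_get_wbio(SSL_CONNECTION_GET_SSL(s))` in tls_finish_handshake (statem_lib.c), which shows the two objects are not interchangeable for non-callback calls. The same wholesale rename appears in tls_parse_stoc_session_ticket (extensions_clnt.c), tls_finish_handshake (statem_lib.c) and construct_stateless_ticket (statem_srvr.c); each remaining use of `ssl` there should be checked, or the locals renamed to `ussl` as in state_machine so a non-callback use stands out at review. Both function bodies extend beyond the hunk.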
@@ -1463,6 +1463,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) unsigned int context; RAW_EXTENSION *extensions = NULL; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); #ifndef OPENSSL_NO_COMP SSL_COMP *comp; #endif @@ -1623,7 +1624,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) int master_key_length; master_key_length = sizeof(s->session->master_key); - if (s->ext.session_secret_cb(ssl, s->session->master_key, + if (s->ext.session_secret_cb(ussl, s->session->master_key, &master_key_length, NULL, &pref_cipher, s->ext.session_secret_cb_arg) @@ -1908,6 +1909,7 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, { size_t certidx; const SSL_CERT_LOOKUP *clu; + int v_ok; if (sc->session->peer_rpk == NULL) { SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, @@ -1917,9 +1919,19 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, if (sc->rwstate == SSL_RETRY_VERIFY) sc->rwstate = SSL_NOTHING; - if (ssl_verify_rpk(sc, sc->session->peer_rpk) > 0 - && sc->rwstate == SSL_RETRY_VERIFY) + + ERR_set_mark(); + v_ok = ssl_verify_rpk(sc, sc->session->peer_rpk); + if (v_ok <= 0 && sc->verify_mode != SSL_VERIFY_NONE) { + ERR_clear_last_mark(); + SSLfatal(sc, ssl_x509err2alert(sc->verify_result), + SSL_R_CERTIFICATE_VERIFY_FAILED); + return WORK_ERROR; + } + ERR_pop_to_mark(); /* but we keep s->verify_result */ + if (v_ok > 0 && sc->rwstate == SSL_RETRY_VERIFY) { return WORK_MORE_A; + } if ((clu = ssl_cert_lookup_by_pkey(sc->session->peer_rpk, &certidx, SSL_CONNECTION_GET_CTX(sc))) == NULL) { 
@@ -2069,10 +2081,7 @@ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, if (s->rwstate == SSL_RETRY_VERIFY) s->rwstate = SSL_NOTHING; - i = ssl_verify_cert_chain(s, s->session->peer_chain); - if (i > 0 && s->rwstate == SSL_RETRY_VERIFY) { - return WORK_MORE_A; - } + /* * The documented interface is that SSL_VERIFY_PEER should be set in order * for client side verification of the server certificate to take place. @@ -2087,12 +2096,17 @@ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, * (less clean) historic behaviour of performing validation if any flag is * set. The *documented* interface remains the same. */ - if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) { + ERR_set_mark(); + i = ssl_verify_cert_chain(s, s->session->peer_chain); + if (i <= 0 && s->verify_mode != SSL_VERIFY_NONE) { + ERR_clear_last_mark(); SSLfatal(s, ssl_x509err2alert(s->verify_result), SSL_R_CERTIFICATE_VERIFY_FAILED); return WORK_ERROR; } - ERR_clear_error(); /* but we keep s->verify_result */ + ERR_pop_to_mark(); /* but we keep s->verify_result */ + if (i > 0 && s->rwstate == SSL_RETRY_VERIFY) + return WORK_MORE_A; /* * Inconsistency alert: cert_chain does include the peer's certificate, @@ -2929,7 +2943,7 @@ int tls_process_initial_server_flight(SSL_CONNECTION *s) */ if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && sctx->ext.status_cb != NULL) { - int ret = sctx->ext.status_cb(SSL_CONNECTION_GET_SSL(s), + int ret = sctx->ext.status_cb(SSL_CONNECTION_GET_USER_SSL(s), sctx->ext.status_arg); if (ret == 0) { @@ -3003,7 +3017,7 @@ static int tls_construct_cke_psk_preamble(SSL_CONNECTION *s, WPACKET *pkt) memset(identity, 0, sizeof(identity)); - psklen = s->psk_client_callback(SSL_CONNECTION_GET_SSL(s), + psklen = s->psk_client_callback(SSL_CONNECTION_GET_USER_SSL(s), s->session->psk_identity_hint, identity, sizeof(identity) - 1, psk, sizeof(psk)); 
@@ -4054,7 +4068,7 @@ int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509, EVP_PKEY **ppkey) } #endif if (sctx->client_cert_cb) - i = sctx->client_cert_cb(SSL_CONNECTION_GET_SSL(s), px509, ppkey); + i = sctx->client_cert_cb(SSL_CONNECTION_GET_USER_SSL(s), px509, ppkey); return i; } diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 3897183f81..92d17e0f20 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -112,6 +112,7 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) int retry = 1; size_t len, frag_off, overhead, used_len; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if (!dtls1_query_mtu(s)) return -1; @@ -293,7 +294,7 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), ssl, + (size_t)(s->init_off + s->init_num), ussl, s->msg_callback_arg); s->init_off = 0; /* done writing this message */ @@ -346,7 +347,7 @@ int dtls_get_message(SSL_CONNECTION *s, int *mt) if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->msg_callback) { s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - p, 1, SSL_CONNECTION_GET_SSL(s), + p, 1, SSL_CONNECTION_GET_USER_SSL(s), s->msg_callback_arg); } /* @@ -407,7 +408,7 @@ int dtls_get_message_body(SSL_CONNECTION *s, size_t *len) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, - SSL_CONNECTION_GET_SSL(s), s->msg_callback_arg); + SSL_CONNECTION_GET_USER_SSL(s), s->msg_callback_arg); end: *len = s->init_num; 
@@ -806,6 +807,7 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, struct hm_header_st msg_hdr; size_t readbytes; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); int chretran = 0; unsigned char *p; @@ -911,7 +913,7 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, if (p[1] == 0 && p[2] == 0 && p[3] == 0) { if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, DTLS1_HM_HEADER_LENGTH, ssl, + p, DTLS1_HM_HEADER_LENGTH, ussl, s->msg_callback_arg); s->init_num = 0; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 7ef74b1f69..a52b8af636 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -63,6 +63,7 @@ int ssl3_do_write(SSL_CONNECTION *s, uint8_t type) int ret; size_t written = 0; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); /* * If we're running the test suite then we may need to mutate the message @@ -112,7 +113,7 @@ int ssl3_do_write(SSL_CONNECTION *s, uint8_t type) s->statem.write_in_progress = 0; if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), ssl, + (size_t)(s->init_off + s->init_num), ussl, s->msg_callback_arg); return 1; } @@ -516,6 +517,10 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err; } + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); + goto err; + } if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) { /* SSLfatal() already called */ 
@@ -1407,7 +1412,7 @@ WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, { void (*cb) (const SSL *ssl, int type, int val) = NULL; int cleanuphand = s->statem.cleanuphand; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (clearbufs) { @@ -1419,7 +1424,7 @@ WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, * MUST NOT be used. * Hence the init_buf can be cleared when DTLS over SCTP as transport is used. */ - || BIO_dgram_is_sctp(SSL_get_wbio(ssl)) + || BIO_dgram_is_sctp(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s))) #endif ) { /* @@ -1531,6 +1536,7 @@ int tls_get_message_header(SSL_CONNECTION *s, int *mt) unsigned char *p; size_t l, readbytes; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); p = (unsigned char *)s->init_buf->data; @@ -1594,7 +1600,7 @@ int tls_get_message_header(SSL_CONNECTION *s, int *mt) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, SSL3_HM_HEADER_LENGTH, ssl, + p, SSL3_HM_HEADER_LENGTH, ussl, s->msg_callback_arg); } } while (skip_message); @@ -1639,6 +1645,7 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) unsigned char *p; int i; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { /* We've already read everything in */ @@ -1680,7 +1687,7 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) } if (s->msg_callback) s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, - (size_t)s->init_num, ssl, s->msg_callback_arg); + (size_t)s->init_num, ussl, s->msg_callback_arg); } else { /* * We defer feeding in the HRR until later. We'll do it as part of 
@@ -1708,7 +1715,7 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, - (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ssl, + (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ussl, s->msg_callback_arg); } @@ -2855,7 +2862,7 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc, } } if (!found) { - SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, SSL_R_BAD_COMPRESSION_ALGORITHM); + SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_COMPRESSION_ALGORITHM); goto err; } } @@ -2880,9 +2887,17 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc, if ((comp = COMP_CTX_new(method)) == NULL || !PACKET_get_net_3_len(pkt, &expected_length) - || !PACKET_get_net_3_len(pkt, &comp_length) - || PACKET_remaining(pkt) != comp_length - || !BUF_MEM_grow(buf, expected_length) + || !PACKET_get_net_3_len(pkt, &comp_length)) { + SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, SSL_R_BAD_DECOMPRESSION); + goto err; + } + + if (PACKET_remaining(pkt) != comp_length || comp_length == 0) { + SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION); + goto err; + } + + if (!BUF_MEM_grow(buf, expected_length) || !PACKET_buf_init(tmppkt, (unsigned char *)buf->data, expected_length) || COMP_expand_block(comp, (unsigned char *)buf->data, expected_length, (unsigned char*)PACKET_data(pkt), comp_length) != (int)expected_length) { diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 99085a4cc1..dbdaf3816e 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
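Review bot: The reorganised checks in tls13_process_compressed_certificate still pass `expected_length` straight to `BUF_MEM_grow` with no upper bound, so a peer can make the receiver allocate up to 2^24-1 bytes per CompressedCertificate before any decompression runs; unless a cap is applied outside the hunk, compare it against the configured limit next to the new `comp_length == 0` test, e.g. `if (expected_length > sc->max_cert_list) { SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, SSL_R_BAD_DECOMPRESSION); goto err; }`. RFC 8879 notes that uncompressed_length exists precisely so the receiver can enforce size limits before decompressing. Separately, a `COMP_CTX_new` failure is now reported with `SSL_AD_BAD_CERTIFICATE`/`SSL_R_BAD_DECOMPRESSION` together with the two length reads, which blames the peer for what may be a local allocation or provider problem; giving it its own `SSL_AD_INTERNAL_ERROR` branch keeps the alert meaningful. The function continues outside the hunk.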
@@ -1380,7 +1380,7 @@ CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s, SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (sctx->app_gen_cookie_cb == NULL - || sctx->app_gen_cookie_cb(SSL_CONNECTION_GET_SSL(s), s->d1->cookie, + || sctx->app_gen_cookie_cb(SSL_CONNECTION_GET_USER_SSL(s), s->d1->cookie, &cookie_leni) == 0 || cookie_leni > DTLS1_COOKIE_LENGTH) { SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); @@ -1694,12 +1694,13 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) DOWNGRADE dgrd = DOWNGRADE_NONE; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); /* Finished parsing the ClientHello, now we can start processing it */ /* Give the ClientHello callback a crack at things */ if (sctx->client_hello_cb != NULL) { /* A failure in the ClientHello callback terminates the connection. */ - switch (sctx->client_hello_cb(ssl, &al, sctx->client_hello_cb_arg)) { + switch (sctx->client_hello_cb(ussl, &al, sctx->client_hello_cb_arg)) { case SSL_CLIENT_HELLO_SUCCESS: break; case SSL_CLIENT_HELLO_RETRY: @@ -1755,8 +1756,8 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) /* Empty cookie was already handled above by returning early. */ if (SSL_get_options(ssl) & SSL_OP_COOKIE_EXCHANGE) { if (sctx->app_verify_cookie_cb != NULL) { - if (sctx->app_verify_cookie_cb(ssl, clienthello->dtls_cookie, - clienthello->dtls_cookie_len) == 0) { + if (sctx->app_verify_cookie_cb(ussl, clienthello->dtls_cookie, + clienthello->dtls_cookie_len) == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_COOKIE_MISMATCH); goto err; @@ -1959,6 +1960,11 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) } } + if (!s->hit && !tls1_set_server_sigalgs(s)) { + /* SSLfatal() already called */ + goto err; + } + if (!s->hit && s->version >= TLS1_VERSION && !SSL_CONNECTION_IS_TLS13(s) 
@@ -1972,7 +1978,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) int master_key_length; master_key_length = sizeof(s->session->master_key); - if (s->ext.session_secret_cb(ssl, s->session->master_key, + if (s->ext.session_secret_cb(ussl, s->session->master_key, &master_key_length, ciphers, &pref_cipher, s->ext.session_secret_cb_arg) @@ -2110,10 +2116,6 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) #else s->session->compress_meth = (comp == NULL) ? 0 : comp->id; #endif - if (!tls1_set_server_sigalgs(s)) { - /* SSLfatal() already called */ - goto err; - } } sk_SSL_CIPHER_free(ciphers); @@ -2159,7 +2161,7 @@ static int tls_handle_status_request(SSL_CONNECTION *s) * et al can pick it up. */ s->cert->key = s->s3.tmp.cert; - ret = sctx->ext.status_cb(SSL_CONNECTION_GET_SSL(s), + ret = sctx->ext.status_cb(SSL_CONNECTION_GET_USER_SSL(s), sctx->ext.status_arg); switch (ret) { /* We don't want to send a status request response */ @@ -2194,7 +2196,7 @@ int tls_handle_alpn(SSL_CONNECTION *s) SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (sctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) { - int r = sctx->ext.alpn_select_cb(SSL_CONNECTION_GET_SSL(s), + int r = sctx->ext.alpn_select_cb(SSL_CONNECTION_GET_USER_SSL(s), &selected, &selected_len, s->s3.alpn_proposed, (unsigned int)s->s3.alpn_proposed_len, @@ -2269,6 +2271,7 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst) { const SSL_CIPHER *cipher; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if (wst == WORK_MORE_A) { int rv = tls_early_post_process_client_hello(s); 
@@ -2284,7 +2287,8 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst) if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) { /* Let cert callback update server certificates if required */ if (!s->hit && s->cert->cert_cb != NULL) { - int rv = s->cert->cert_cb(ssl, s->cert->cert_cb_arg); + int rv = s->cert->cert_cb(ussl, s->cert->cert_cb_arg); + if (rv == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CERT_CB_ERROR); goto err; @@ -2317,7 +2321,7 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst) /* check whether we should disable session resumption */ if (s->not_resumable_session_cb != NULL) s->session->not_resumable = - s->not_resumable_session_cb(ssl, + s->not_resumable_session_cb(ussl, ((s->s3.tmp.new_cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0)); if (s->session->not_resumable) @@ -2425,9 +2429,8 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) * so the following won't overwrite an ID that we're supposed * to send back. */ - if (s->session->not_resumable || - (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER) - && !s->hit)) + if (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER) + && !s->hit) s->session->session_id_length = 0; if (usetls13) { @@ -2558,7 +2561,7 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, } #if !defined(OPENSSL_NO_DEPRECATED_3_0) if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) { - pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(SSL_CONNECTION_GET_SSL(s), + pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(SSL_CONNECTION_GET_USER_SSL(s), 0, 1024)); if (pkdh == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -2914,7 +2917,7 @@ static int tls_process_cke_psk_preamble(SSL_CONNECTION *s, PACKET *pkt) return 0; } - psklen = s->psk_server_callback(SSL_CONNECTION_GET_SSL(s), + psklen = s->psk_server_callback(SSL_CONNECTION_GET_USER_SSL(s), s->session->psk_identity, psk, sizeof(psk)); 
@@ -3080,7 +3083,7 @@ static int tls_process_cke_dhe(SSL_CONNECTION *s, PACKET *pkt) } if (!EVP_PKEY_set1_encoded_public_key(ckey, data, i)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); goto err; } @@ -3134,7 +3137,7 @@ static int tls_process_cke_ecdhe(SSL_CONNECTION *s, PACKET *pkt) } if (EVP_PKEY_set1_encoded_public_key(ckey, data, i) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); goto err; } } @@ -3230,7 +3233,7 @@ static int tls_process_cke_gost(SSL_CONNECTION *s, PACKET *pkt) } if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; + goto err; } /* * If client certificate is present and is of the same type, maybe @@ -3932,7 +3935,7 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, int iv_len; CON_FUNC_RETURN ok = CON_FUNC_ERROR; size_t macoffset, macendoffset; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* get session encoding length */ @@ -4243,7 +4246,7 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt } if (tctx->generate_ticket_cb != NULL && - tctx->generate_ticket_cb(SSL_CONNECTION_GET_SSL(s), + tctx->generate_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s), tctx->ticket_cb_data) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 4a1ce6dec9..2e9e24a8cf 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index bfe6331aae..86758fae5a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -714,6 +714,7 @@ int ssl_load_sigalgs(SSL_CTX *ctx) /* now populate ctx->ssl_cert_info */ if (ctx->sigalg_list_len > 0) { + OPENSSL_free(ctx->ssl_cert_info); ctx->ssl_cert_info = OPENSSL_zalloc(sizeof(lu) * ctx->sigalg_list_len); if (ctx->ssl_cert_info == NULL) return 0; @@ -2287,7 +2288,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s, int rv = 0; if (tctx->ext.ticket_key_evp_cb != NULL) - rv = tctx->ext.ticket_key_evp_cb(SSL_CONNECTION_GET_SSL(s), nctick, + rv = tctx->ext.ticket_key_evp_cb(SSL_CONNECTION_GET_USER_SSL(s), + nctick, nctick + TLSEXT_KEYNAME_LENGTH, ctx, ssl_hmac_get0_EVP_MAC_CTX(hctx), @@ -2295,7 +2297,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s, #ifndef OPENSSL_NO_DEPRECATED_3_0 else if (tctx->ext.ticket_key_cb != NULL) /* if 0 is returned, write an empty ticket */ - rv = tctx->ext.ticket_key_cb(SSL_CONNECTION_GET_SSL(s), nctick, + rv = tctx->ext.ticket_key_cb(SSL_CONNECTION_GET_USER_SSL(s), nctick, nctick + TLSEXT_KEYNAME_LENGTH, ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0); #endif @@ -2854,6 +2856,7 @@ typedef struct { size_t sigalgcnt; /* TLSEXT_SIGALG_XXX values */ uint16_t sigalgs[TLS_MAX_SIGALGCNT]; + SSL_CTX *ctx; } sig_cb_st; static void get_sigorhash(int *psig, int *phash, const char *str) @@ -2878,7 +2881,7 @@ static void get_sigorhash(int *psig, int *phash, const char *str) static int sig_cb(const char *elem, int len, void *arg) { sig_cb_st *sarg = arg; - size_t i; + size_t i = 0; const SIGALG_LOOKUP *s; char etmp[TLS_MAX_SIGSTRING_LEN], *p; int sig_alg = NID_undef, hash_alg = NID_undef; 
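Review bot: `OPENSSL_free(ctx->ssl_cert_info)` before the `OPENSSL_zalloc` in ssl_load_sigalgs removes the leak on a repeated load, but when the allocation then fails the function returns 0 with `ctx->ssl_cert_info == NULL` while `ctx->sigalg_list_len` still counts the entries the old buffer described; anything that later indexes `ssl_cert_info[i]` for `i < sigalg_list_len` (not visible here) would dereference NULL. Allocating into a temporary and only freeing and replacing on success, or zeroing `sigalg_list_len` on the failure path, keeps the two fields consistent. The function begins outside the hunk.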
@@ -2908,16 +2911,32 @@ static int sig_cb(const char *elem, int len, void *arg)
      * in the table.
      */
     if (p == NULL) {
-        for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
-             i++, s++) {
-            if (s->name != NULL && strcmp(etmp, s->name) == 0) {
-                sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
-                break;
+        /* Load provider sigalgs */
+        if (sarg->ctx != NULL) {
+            /* Check if a provider supports the sigalg */
+            for (i = 0; i < sarg->ctx->sigalg_list_len; i++) {
+                if (sarg->ctx->sigalg_list[i].sigalg_name != NULL
+                    && strcmp(etmp,
+                              sarg->ctx->sigalg_list[i].sigalg_name) == 0) {
+                    sarg->sigalgs[sarg->sigalgcnt++] =
+                        sarg->ctx->sigalg_list[i].code_point;
+                    break;
+                }
             }
         }
-        if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
-            /* Ignore unknown algorithms if ignore_unknown */
-            return ignore_unknown;
+        /* Check the built-in sigalgs */
+        if (sarg->ctx == NULL || i == sarg->ctx->sigalg_list_len) {
+            for (i = 0, s = sigalg_lookup_tbl;
+                 i < OSSL_NELEM(sigalg_lookup_tbl); i++, s++) {
+                if (s->name != NULL && strcmp(etmp, s->name) == 0) {
+                    sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
+                    break;
+                }
+            }
+            if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
+                /* Ignore unknown algorithms if ignore_unknown */
+                return ignore_unknown;
+            }
         }
     } else {
         *p = 0;
@@ -2957,10 +2976,13 @@ static int sig_cb(const char *elem, int len, void *arg)
  * Set supported signature algorithms based on a colon separated list of the
  * form sig+hash e.g. RSA+SHA512:DSA+SHA512
  */
-int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
+int tls1_set_sigalgs_list(SSL_CTX *ctx, CERT *c, const char *str, int client)
 {
     sig_cb_st sig;
     sig.sigalgcnt = 0;
+
+    if (ctx != NULL)
+        sig.ctx = ctx;
     if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
         return 0;
     if (sig.sigalgcnt == 0) {
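Review bot: In tls1_set_sigalgs_list the new `if (ctx != NULL) sig.ctx = ctx;` leaves `sig.ctx` uninitialised whenever ctx is NULL, and the first thing sig_cb does with it is `if (sarg->ctx != NULL)` followed by dereferences of `sarg->ctx->sigalg_list_len`, so a NULL-ctx caller hands the callback an indeterminate stack pointer. Assign unconditionally, `sig.ctx = ctx;`, or zero the struct at declaration with `sig_cb_st sig = { 0 };`. In the sig_cb hunk the provider path writes `sarg->sigalgs[sarg->sigalgcnt++]` with no bound against TLS_MAX_SIGALGCNT visible here; if the cap check sits earlier in sig_cb, outside this hunk, it covers this path too, otherwise the new loop needs one. sig_cb starts before the first hunk and tls1_set_sigalgs_list continues past the second.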
@@ -3904,6 +3926,8 @@ int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode)
 
 uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *session)
 {
+    if (session->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_UNSPECIFIED)
+        return TLSEXT_max_fragment_length_DISABLED;
     return session->ext.max_fragment_len_mode;
 }
 
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 80c70bbaa2..0451e96bb5 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -199,7 +199,7 @@ int ssl_srp_server_param_with_username_intern(SSL_CONNECTION *s, int *ad)
     *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
     if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) &&
         ((al =
-          s->srp_ctx.TLS_ext_srp_username_callback(SSL_CONNECTION_GET_SSL(s),
+          s->srp_ctx.TLS_ext_srp_username_callback(SSL_CONNECTION_GET_USER_SSL(s),
                                                    ad,
                                                    s->srp_ctx.SRP_cb_arg)) !=
          SSL_ERROR_NONE))
@@ -373,7 +373,7 @@ int srp_generate_client_master_secret(SSL_CONNECTION *s)
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         goto err;
     }
-    if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(SSL_CONNECTION_GET_SSL(s),
+    if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(SSL_CONNECTION_GET_USER_SSL(s),
                                                               s->srp_ctx.SRP_cb_arg)) == NULL) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED);
         goto err;
@@ -426,7 +426,7 @@ int srp_verify_server_param(SSL_CONNECTION *s)
     }
 
     if (srp->SRP_verify_param_callback) {
-        if (srp->SRP_verify_param_callback(SSL_CONNECTION_GET_SSL(s),
+        if (srp->SRP_verify_param_callback(SSL_CONNECTION_GET_USER_SSL(s),
                                            srp->SRP_cb_arg) <= 0) {
             SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_R_CALLBACK_FAILED);
             return 0;
diff --git a/test/acvp_test.c b/test/acvp_test.c
index 45509095af..f738ee35f7 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
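Review bot: SSL_SESSION_get_max_fragment_length is a public getter and now reports TLSEXT_max_fragment_length_DISABLED for a session whose stored mode is UNSPECIFIED, so callers can no longer tell "never negotiated" from "negotiated as disabled"; if the function's man page is not updated elsewhere in this commit, it should state that mapping. A one-line comment above the new check would also help the next reader: `/* UNSPECIFIED is an internal state; report it to callers as DISABLED */`.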
@@ -1251,7 +1251,7 @@ static int rsa_decryption_primitive_test(int id) BN_CTX *bn_ctx = NULL; const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id]; - if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048)) + if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)2048)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c index f112dd7034..04d73f3509 100644 --- a/test/asn1_decode_test.c +++ b/test/asn1_decode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/asn1_stable_parse_test.c b/test/asn1_stable_parse_test.c index 491e575edd..2cda581afc 100644 --- a/test/asn1_stable_parse_test.c +++ b/test/asn1_stable_parse_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c index 0daf88b203..7736fd3416 100644 --- a/test/asn1_time_test.c +++ b/test/asn1_time_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c index 2e12de2702..50464029f7 100644 --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -504,7 +504,6 @@ static int test_bad_dtls(void) if (!TEST_ptr(con) || !TEST_true(SSL_set_session(con, sess))) goto end; - SSL_SESSION_free(sess); rbio = BIO_new(BIO_s_mem()); wbio = BIO_new(BIO_s_mem()); @@ -592,6 +591,7 @@ static int test_bad_dtls(void) testresult = 1; end: + SSL_SESSION_free(sess); BIO_free(rbio); BIO_free(wbio); SSL_free(con); diff --git a/test/bio_pw_callback_test.c b/test/bio_pw_callback_test.c new file mode 100644 index 0000000000..e11368454a --- /dev/null +++ b/test/bio_pw_callback_test.c 
@@ -0,0 +1,402 @@ +/* + * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "testutil.h" + +#include +#include + +/* dummy data that needs to be passed to the callback */ +typedef struct CallbackData { + char magic; + int result; +} CALLBACK_DATA; + +/* constants */ +static const char weak_password[] = "weak_password"; +static const char a0a_password[] = "aaaaaaaa\0aaaaaaaa"; +static const char a0b_password[] = "aaaaaaaa\0bbbbbbbb"; +static const char cb_magic = 'p'; + +/* shared working data for all tests */ +static char *key_file = NULL; +static EVP_PKEY *original_pkey = NULL; + +/* the test performed by the callback */ +typedef enum CallbackTest { + CB_TEST_NEGATIVE = 0, + CB_TEST_ZERO_LENGTH, + CB_TEST_WEAK, + CB_TEST_16ZERO, + CB_TEST_A0A, + CB_TEST_A0B, + CB_TEST_MATCH_SIZE, + CB_TEST_EXCEED_SIZE +} CALLBACK_TEST; +static CALLBACK_TEST callback_test = CB_TEST_NEGATIVE; + +typedef enum KeyEncoding { + KE_PEM = 0, + KE_PKCS8 +} KEY_ENCODING; + +typedef enum ExpectedResult { + ER_FAILURE = 0, + ER_SUCCESS +} EXPECTED_RESULT; + +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_KEY_FILE, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "keyfile", OPT_KEY_FILE, '<', + "The PEM file with the encrypted key to load" }, + { NULL } + }; + return test_options; +} + +static int callback_copy_password(char *buf, int size) +{ + int ret = -1; + + switch (callback_test) { + case CB_TEST_NEGATIVE: + break; + case CB_TEST_ZERO_LENGTH: + ret = 0; + break; + case CB_TEST_WEAK: + ret = sizeof(weak_password) - 1; + memcpy(buf, weak_password, ret); + break; + case 
CB_TEST_16ZERO: + memset(buf, 0, 16); + ret = 16; + break; + case CB_TEST_A0A: + ret = sizeof(a0a_password) - 1; + memcpy(buf, a0a_password, ret); + break; + case CB_TEST_A0B: + ret = sizeof(a0b_password) - 1; + memcpy(buf, a0b_password, ret); + break; + case CB_TEST_MATCH_SIZE: + memset(buf, 'e', size); + ret = size; + break; + case CB_TEST_EXCEED_SIZE: + memset(buf, 'e', size); + ret = 1000000; + break; + } + return ret; +} + +static int read_callback(char *buf, int size, int rwflag, void *u) +{ + CALLBACK_DATA *cb_data = (CALLBACK_DATA *)u; + int ret = -1; + + /* basic verification of the received data */ + if (!TEST_ptr(cb_data)) + goto err; + if (!TEST_char_eq(cb_data->magic, cb_magic)) + goto err; + if (!TEST_ptr(buf)) + goto err; + if (!TEST_int_gt(size, 0)) + goto err; + if (!TEST_int_eq(rwflag, 0)) + goto err; + ret = callback_copy_password(buf, size); + cb_data->result = 1; +err: + return ret; +} + +static int write_callback(char *buf, int size, int rwflag, void *u) +{ + CALLBACK_DATA *cb_data = (CALLBACK_DATA *)u; + int ret = -1; + + /* basic verification of the received data */ + if (!TEST_ptr(cb_data)) + goto err; + if (!TEST_char_eq(cb_data->magic, cb_magic)) + goto err; + if (!TEST_ptr(buf)) + goto err; + if (!TEST_int_gt(size, 0)) + goto err; + if (!TEST_int_eq(rwflag, 1)) + goto err; + ret = callback_copy_password(buf, size); + cb_data->result = 1; +err: + return ret; +} + +static int re_encrypt_key(char **enc_data, int *enc_data_size, + KEY_ENCODING key_encoding) +{ + CALLBACK_DATA cb_data; + int w_ret = 0; + BUF_MEM *bptr = NULL; + BIO *bio = NULL; + int ret = 0; + + if (!TEST_ptr(enc_data)) + goto err; + if (!TEST_ptr(enc_data_size)) + goto err; + if (!TEST_ptr(bio = BIO_new(BIO_s_mem()))) + goto err; + cb_data.magic = cb_magic; + cb_data.result = 0; + switch (key_encoding) { + case KE_PEM: + w_ret = PEM_write_bio_PrivateKey(bio, original_pkey, EVP_aes_256_cbc(), + NULL, 0, write_callback, &cb_data); + break; + case KE_PKCS8: + w_ret = 
i2d_PKCS8PrivateKey_bio(bio, original_pkey, EVP_aes_256_cbc(), + NULL, 0, write_callback, &cb_data); + break; + } + if (!TEST_int_ne(w_ret, 0)) + goto err; + if (!TEST_char_eq(cb_data.magic, cb_magic)) + goto err; + if (!TEST_int_eq(cb_data.result, 1)) + goto err; + *enc_data_size = BIO_get_mem_data(bio, enc_data); + BIO_get_mem_ptr(bio, &bptr); + if (!BIO_set_close(bio, BIO_NOCLOSE)) + goto err; + bptr->data = NULL; + ret = 1; +err: + BUF_MEM_free(bptr); + BIO_free(bio); + return ret; +} + +static int decrypt_key(char *enc_data, int enc_data_size, + KEY_ENCODING key_encoding, + EXPECTED_RESULT expected_result) +{ + CALLBACK_DATA cb_data; + EVP_PKEY *r_ret = NULL; + BIO *bio = NULL; + EVP_PKEY *pkey = NULL; + int ret = 0; + + if (!TEST_ptr(bio = BIO_new_mem_buf(enc_data, enc_data_size))) + goto err; + cb_data.magic = cb_magic; + cb_data.result = 0; + switch (key_encoding) { + case KE_PEM: + r_ret = PEM_read_bio_PrivateKey(bio, &pkey, read_callback, &cb_data); + break; + case KE_PKCS8: + r_ret = d2i_PKCS8PrivateKey_bio(bio, &pkey, read_callback, &cb_data); + break; + } + if (expected_result == ER_SUCCESS) { + if (!TEST_ptr(r_ret)) + goto err; + } else { + if (!TEST_ptr_null(r_ret)) + goto err; + } + if (!TEST_char_eq(cb_data.magic, cb_magic)) + goto err; + if (!TEST_int_eq(cb_data.result, 1)) + goto err; + ret = 1; +err: + EVP_PKEY_free(pkey); + BIO_free(bio); + return ret; +} + +static int full_cycle_test(KEY_ENCODING key_encoding, CALLBACK_TEST write_test, + CALLBACK_TEST read_test, + EXPECTED_RESULT expected_read_result) +{ + char *enc_data = NULL; + int enc_data_size = 0; + int ret = 0; + + callback_test = write_test; + if (!re_encrypt_key(&enc_data, &enc_data_size, key_encoding)) + goto err; + callback_test = read_test; + if (!decrypt_key(enc_data, enc_data_size, key_encoding, + expected_read_result)) + goto err; + ret = 1; +err: + OPENSSL_free(enc_data); + return ret; +} + +static int test_pem_negative(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_WEAK, 
CB_TEST_NEGATIVE, ER_FAILURE); +} + +static int test_pem_zero_length(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_ZERO_LENGTH, CB_TEST_ZERO_LENGTH, + ER_SUCCESS); +} + +static int test_pem_weak(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_WEAK, CB_TEST_WEAK, ER_SUCCESS); +} + +static int test_pem_16zero(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_16ZERO, CB_TEST_16ZERO, ER_SUCCESS); +} + +static int test_pem_a0a(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_A0A, CB_TEST_A0A, ER_SUCCESS); +} + +static int test_pem_a0a_a0b(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_A0A, CB_TEST_A0B, ER_FAILURE); +} + +static int test_pem_match_size(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_MATCH_SIZE, CB_TEST_MATCH_SIZE, + ER_SUCCESS); +} + +static int test_pem_exceed_size(void) +{ + return full_cycle_test(KE_PEM, CB_TEST_MATCH_SIZE, CB_TEST_EXCEED_SIZE, + ER_FAILURE); +} + +static int test_pkcs8_negative(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_WEAK, CB_TEST_NEGATIVE, ER_FAILURE); +} + +static int test_pkcs8_zero_length(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_ZERO_LENGTH, CB_TEST_ZERO_LENGTH, + ER_SUCCESS); +} + +static int test_pkcs8_weak(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_WEAK, CB_TEST_WEAK, ER_SUCCESS); +} + +static int test_pkcs8_16zero(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_16ZERO, CB_TEST_16ZERO, + ER_SUCCESS); +} + +static int test_pkcs8_a0a(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_A0A, CB_TEST_A0A, ER_SUCCESS); +} + +static int test_pkcs8_a0a_a0b(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_A0A, CB_TEST_A0B, ER_FAILURE); +} + +static int test_pkcs8_match_size(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_MATCH_SIZE, CB_TEST_MATCH_SIZE, + ER_SUCCESS); +} + +static int test_pkcs8_exceed_size(void) +{ + return full_cycle_test(KE_PKCS8, CB_TEST_MATCH_SIZE, CB_TEST_EXCEED_SIZE, + ER_FAILURE); +} + +static int callback_original_pw(char *buf, int size, int rwflag, void 
*u) +{ + memcpy(buf, weak_password, sizeof(weak_password) - 1); + return sizeof(weak_password) - 1; +} + +int setup_tests(void) +{ + OPTION_CHOICE o; + BIO *bio = NULL; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_KEY_FILE: + key_file = opt_arg(); + break; + case OPT_TEST_CASES: + break; + default: + case OPT_ERR: + return 0; + } + } + + /* read the original key */ + if (!TEST_ptr(bio = BIO_new_file(key_file, "r"))) + return 0; + if (!TEST_ptr(PEM_read_bio_PrivateKey(bio, &original_pkey, + callback_original_pw, NULL))) + return 0; + BIO_free(bio); + + /* add all tests */ + ADD_TEST(test_pem_negative); + ADD_TEST(test_pem_zero_length); + ADD_TEST(test_pem_weak); + ADD_TEST(test_pem_16zero); + ADD_TEST(test_pem_a0a); + ADD_TEST(test_pem_a0a_a0b); + ADD_TEST(test_pem_match_size); + ADD_TEST(test_pem_exceed_size); + ADD_TEST(test_pkcs8_negative); + ADD_TEST(test_pkcs8_zero_length); + ADD_TEST(test_pkcs8_weak); + ADD_TEST(test_pkcs8_16zero); + ADD_TEST(test_pkcs8_a0a); + ADD_TEST(test_pkcs8_a0a_a0b); + ADD_TEST(test_pkcs8_match_size); + ADD_TEST(test_pkcs8_exceed_size); + return 1; +} + +void cleanup_tests(void) +{ + EVP_PKEY_free(original_pkey); +} diff --git a/test/build.info b/test/build.info index 969e81c2cc..1aa433a0c2 100644 --- a/test/build.info +++ b/test/build.info @@ -40,7 +40,7 @@ IF[{- !$disabled{tests} -}] exptest pbetest localetest evp_pkey_ctx_new_from_name \ evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ evp_fetch_prov_test evp_libctx_test ossl_store_test \ - v3nametest v3ext punycode_test \ + v3nametest v3ext punycode_test evp_byname_test \ crltest danetest bad_dtls_test lhash_test sparse_array_test \ conf_include_test params_api_test params_conversion_test \ constant_time_test safe_math_test verify_extra_test clienthellotest \ 
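Review bot: In setup_tests the BIO opened by BIO_new_file() is leaked when PEM_read_bio_PrivateKey() fails, because that path returns without BIO_free(), and key_file is passed to BIO_new_file() without checking that -keyfile was given, so a missing option shows up as an opaque open failure rather than a clear test error; the block below frees the BIO on the failure path and makes the missing option explicit. callback_original_pw copies `sizeof(weak_password) - 1` bytes into buf without consulting size, which is safe for this 13-byte constant but deserves either a `size` guard or a comment stating the assumption. read_callback and write_callback differ only in the rwflag they expect; a shared helper taking the expected flag would halve the duplication.

```c
    /* read the original key */
    if (!TEST_ptr(key_file)
        || !TEST_ptr(bio = BIO_new_file(key_file, "r")))
        return 0;
    if (!TEST_ptr(PEM_read_bio_PrivateKey(bio, &original_pkey,
                                          callback_original_pw, NULL))) {
        BIO_free(bio);
        return 0;
    }
    BIO_free(bio);
    /* … unchanged: ADD_TEST() registrations … */
```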
@@ -63,7 +63,8 @@ IF[{- !$disabled{tests} -}] provfetchtest prov_config_test rand_test \ ca_internals_test bio_tfo_test membio_test bio_dgram_test list_test \ fips_version_test x509_test hpke_test pairwise_fail_test \ - nodefltctxtest evp_xof_test x509_load_cert_file_test bio_meth_test + nodefltctxtest evp_xof_test x509_load_cert_file_test bio_meth_test \ + bio_pw_callback_test IF[{- !$disabled{'rpk'} -}] PROGRAMS{noinst}=rpktest @@ -412,6 +413,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[punycode_test]=../include ../apps/include DEPEND[punycode_test]=../libcrypto.a libtestutil.a + SOURCE[evp_byname_test]=evp_byname_test.c + INCLUDE[evp_byname_test]=../include ../apps/include + DEPEND[evp_byname_test]=../libcrypto libtestutil.a + SOURCE[stack_test]=stack_test.c INCLUDE[stack_test]=../include ../apps/include DEPEND[stack_test]=../libcrypto libtestutil.a @@ -531,7 +536,7 @@ IF[{- !$disabled{tests} -}] SOURCE[sslapitest]=sslapitest.c helpers/ssltestlib.c filterprov.c tls-provider.c INCLUDE[sslapitest]=../include ../apps/include .. - DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a + DEPEND[sslapitest]=../libcrypto.a ../libssl.a libtestutil.a SOURCE[ssl_handshake_rtt_test]=ssl_handshake_rtt_test.c helpers/ssltestlib.c INCLUDE[ssl_handshake_rtt_test]=../include ../apps/include .. @@ -1092,6 +1097,7 @@ IF[{- !$disabled{tests} -}] ENDIF IF[{- $disabled{module} || !$target{dso_scheme} -}] DEFINE[provider_test]=NO_PROVIDER_MODULE + DEFINE[prov_config_test]=NO_PROVIDER_MODULE DEFINE[provider_internal_test]=NO_PROVIDER_MODULE ENDIF DEPEND[]=provider_internal_test.cnf @@ -1205,6 +1211,10 @@ ENDIF INCLUDE[cert_comp_test]=../include ../apps/include .. DEPEND[cert_comp_test]=../libcrypto ../libssl libtestutil.a + SOURCE[bio_pw_callback_test]=bio_pw_callback_test.c + INCLUDE[bio_pw_callback_test]=../include ../apps/include + DEPEND[bio_pw_callback_test]=../libcrypto libtestutil.a + {- use File::Spec::Functions; use File::Basename; 
diff --git a/test/certs/ee-self-signed-pss.pem b/test/certs/ee-self-signed-pss.pem new file mode 100644 index 0000000000..fab433321c --- /dev/null +++ b/test/certs/ee-self-signed-pss.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhTCCAjmgAwIBAgIUZxTKBh9L8ApVNcsI5ontnHRbv8wwQQYJKoZIhvcNAQEK +MDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF +AKIDAgEgMB0xGzAZBgNVBAMMEmVlLXNlbGYtc2lnbmVkLXBzczAgFw0yNDA2MTcx +MTA5NTRaGA8yMTI0MDYxODExMDk1NFowHTEbMBkGA1UEAwwSZWUtc2VsZi1zaWdu +ZWQtcHNzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7b +LA/Vc/vit6gbenVgK9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8N +xkP+MTT4KNh16aO7iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7C +NqAR/8BZNf1JHN0cQjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqC +GxWL0Zmr5J5vlKrSluVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0do +pynHP0riIie075Bj1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+ +eTQfSokftwIDAQABo1MwUTAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfhc6Iw +HwYDVR0jBBgwFoAU55viKq2KbDrLdlHljgeYIpfhc6IwDwYDVR0TAQH/BAUwAwEB +/zBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEI +MA0GCWCGSAFlAwQCAQUAogMCASADggEBADjXHPnAha0YQKFCfQZqy8LLgxoQDbfP +5XKQJ8/FfeJXO9yjEmqOEoWM/QQIlM1gpepOOw8ZRhxcwx93eO+XtvJUA3bW+H73 +jwnqiX5mu1SpA/2IHcifxuOuXUwUh7vtOJGFATHusAn7dS3+tnJSkS+6pvSsJjDu +0x3fV8rLq1gL9gOC2MdzkLxyp7xmdgibQMI+PyPNgU1e1Qm88Cp5dVNRMdgQ+3CL +E3h7qfSpSkUCM9rNBc2/rqavQ/UPq5H6r8R9gYd9yR7uGL88B9QI4DQDR8T6x9JG +0ebWYLuH2xWP9Njl2IbwN3uqQSeRSSqy7UlNo51O+nkvU1vCJGy6aXw= +-----END CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index d517384301..4280ac3a8d 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh 
@@ -226,6 +226,10 @@ OPENSSL_KEYBITS=8192 \ # self-signed end-entity cert with explicit keyUsage not including KeyCertSign openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature -days 36525 +# self-signed end-entity cert signed with RSA-PSS +openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed-pss -out ee-self-signed-pss.pem -days 36525 \ + -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest + # Proxy certificates, off of ee-client # Start with some good ones ./mkcert.sh req pc1-key "0.CN = server.example" "1.CN = proxy 1" | \ diff --git a/test/certs/tab-in-dn.pem b/test/certs/tab-in-dn.pem new file mode 100644 index 0000000000..85b7b62849 --- /dev/null +++ b/test/certs/tab-in-dn.pem @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE----- +MIIBCjCBvaADAgECAhQtSLWSJKg8TpmuRG/UlzepKY2MazAFBgMrZXAwEzERMA8G +A1UEAwwIVGVzdAlUQUIwIBcNMjUwMjI4MTAzNDE5WhgPMjEyNTAyMDQxMDM0MTla +MBMxETAPBgNVBAMMCFRlc3QJVEFCMCowBQYDK2VwAyEA1ptSJCGrDHMlWEoirhZe +s2TETOMe4f0G335qXYHDPP+jITAfMB0GA1UdDgQWBBQwCDnyYnvR2GXoToxSxPmp +kvER+zAFBgMrZXADQQBszFQxeWW1BBUgWf9as2zDyYCO43kBWTFTypPsFkpuAg4t +oxrqzb7Kd4RIT0TGtRGgd3gwRkqC0ecgM/NmXOYM +-----END CERTIFICATE----- diff --git a/test/certs/tab-in-dn.text b/test/certs/tab-in-dn.text new file mode 100644 index 0000000000..fc7dee804f --- /dev/null +++ b/test/certs/tab-in-dn.text 
@@ -0,0 +1,27 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2d:48:b5:92:24:a8:3c:4e:99:ae:44:6f:d4:97:37:a9:29:8d:8c:6b + Signature Algorithm: ED25519 + Issuer: CN=Test\09TAB + Validity + Not Before: Feb 28 10:34:19 2025 GMT + Not After : Feb 4 10:34:19 2125 GMT + Subject: CN=Test\09TAB + Subject Public Key Info: + Public Key Algorithm: ED25519 + ED25519 Public-Key: + pub: + d6:9b:52:24:21:ab:0c:73:25:58:4a:22:ae:16:5e: + b3:64:c4:4c:e3:1e:e1:fd:06:df:7e:6a:5d:81:c3: + 3c:ff + X509v3 extensions: + X509v3 Subject Key Identifier: + 30:08:39:F2:62:7B:D1:D8:65:E8:4E:8C:52:C4:F9:A9:92:F1:11:FB + Signature Algorithm: ED25519 + Signature Value: + 6c:cc:54:31:79:65:b5:04:15:20:59:ff:5a:b3:6c:c3:c9:80: + 8e:e3:79:01:59:31:53:ca:93:ec:16:4a:6e:02:0e:2d:a3:1a: + ea:cd:be:ca:77:84:48:4f:44:c6:b5:11:a0:77:78:30:46:4a: + 82:d1:e7:20:33:f3:66:5c:e6:0c diff --git a/test/cmactest.c b/test/cmactest.c index 6361329612..a550d4edec 100644 --- a/test/cmactest.c +++ b/test/cmactest.c @@ -327,13 +327,15 @@ err: return ret; } +#define OSSL_HEX_CHARS_PER_BYTE 2 static char *pt(unsigned char *md, unsigned int len) { unsigned int i; - static char buf[80]; + static char buf[81]; - for (i = 0; i < len; i++) - sprintf(&(buf[i * 2]), "%02x", md[i]); + for (i = 0; i < len && (i + 1) * OSSL_HEX_CHARS_PER_BYTE < sizeof(buf); i++) + BIO_snprintf(buf + i * OSSL_HEX_CHARS_PER_BYTE, + OSSL_HEX_CHARS_PER_BYTE + 1, "%02x", md[i]); return buf; } diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c index 69f75a24e2..8cdf6b9b07 100644 --- a/test/cmp_hdr_test.c +++ b/test/cmp_hdr_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
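Review bot: pt() in cmactest.c now truncates silently: the loop stops once `(i + 1) * OSSL_HEX_CHARS_PER_BYTE` reaches sizeof(buf), so an md longer than 40 bytes is printed cut off with no indication, and the BIO_snprintf() return value is never looked at. That cap is ample for CMAC output, but the function should say so: `/* buf holds at most 40 bytes rendered as hex; longer input is truncated */`. The returned pointer into a static buffer is overwritten by the next call, which predates this change but is worth a word in the same comment.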
@@ -71,25 +71,30 @@ static int test_HDR_set_get_pvno(void) static int execute_HDR_get0_senderNonce_test(CMP_HDR_TEST_FIXTURE *fixture) { + int res = 0; X509_NAME *sender = X509_NAME_new(); ASN1_OCTET_STRING *sn; if (!TEST_ptr(sender)) - return 0; + goto err; X509_NAME_ADD(sender, "CN", "A common sender name"); if (!TEST_int_eq(OSSL_CMP_CTX_set1_subjectName(fixture->cmp_ctx, sender), 1)) - return 0; + goto err; if (!TEST_int_eq(ossl_cmp_hdr_init(fixture->cmp_ctx, fixture->hdr), 1)) - return 0; + goto err; sn = ossl_cmp_hdr_get0_senderNonce(fixture->hdr); if (!TEST_int_eq(ASN1_OCTET_STRING_cmp(fixture->cmp_ctx->senderNonce, sn), 0)) - return 0; + goto err; + + res = 1; +err: X509_NAME_free(sender); - return 1; + + return res; } static int test_HDR_get0_senderNonce(void) @@ -102,23 +107,28 @@ static int test_HDR_get0_senderNonce(void) static int execute_HDR_set1_sender_test(CMP_HDR_TEST_FIXTURE *fixture) { + int res = 0; X509_NAME *x509name = X509_NAME_new(); if (!TEST_ptr(x509name)) - return 0; + goto err; X509_NAME_ADD(x509name, "CN", "A common sender name"); if (!TEST_int_eq(ossl_cmp_hdr_set1_sender(fixture->hdr, x509name), 1)) - return 0; + goto err; + if (!TEST_int_eq(fixture->hdr->sender->type, GEN_DIRNAME)) - return 0; + goto err; if (!TEST_int_eq(X509_NAME_cmp(fixture->hdr->sender->d.directoryName, x509name), 0)) - return 0; + goto err; + res = 1; +err: X509_NAME_free(x509name); - return 1; + + return res; } static int test_HDR_set1_sender(void) 
@@ -131,24 +141,28 @@ static int test_HDR_set1_sender(void) static int execute_HDR_set1_recipient_test(CMP_HDR_TEST_FIXTURE *fixture) { + int res = 0; X509_NAME *x509name = X509_NAME_new(); if (!TEST_ptr(x509name)) - return 0; + goto err; X509_NAME_ADD(x509name, "CN", "A common recipient name"); if (!TEST_int_eq(ossl_cmp_hdr_set1_recipient(fixture->hdr, x509name), 1)) - return 0; + goto err; if (!TEST_int_eq(fixture->hdr->recipient->type, GEN_DIRNAME)) - return 0; + goto err; if (!TEST_int_eq(X509_NAME_cmp(fixture->hdr->recipient->d.directoryName, x509name), 0)) - return 0; + goto err; + res = 1; +err: X509_NAME_free(x509name); - return 1; + + return res; } static int test_HDR_set1_recipient(void) @@ -203,7 +217,7 @@ static int execute_HDR_set1_senderKID_test(CMP_HDR_TEST_FIXTURE *fixture) int res = 0; if (!TEST_ptr(senderKID)) - return 0; + goto err; if (!TEST_int_eq(ASN1_OCTET_STRING_set(senderKID, rand_data, sizeof(rand_data)), 1)) @@ -265,7 +279,7 @@ static int execute_HDR_push1_freeText_test(CMP_HDR_TEST_FIXTURE *fixture) int res = 0; if (!TEST_ptr(text)) - return 0; + goto err; if (!ASN1_STRING_set(text, "A free text", -1)) goto err; @@ -280,6 +294,7 @@ static int execute_HDR_push1_freeText_test(CMP_HDR_TEST_FIXTURE *fixture) res = 1; err: ASN1_UTF8STRING_free(text); + return res; } diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index 4ce309992f..114b104497 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c @@ -336,8 +336,9 @@ static int test_validate_msg_signature_sender_cert_extracert(void) || !add_trusted(fixture->cmp_ctx, instaca_cert)) { tear_down(fixture); fixture = NULL; + } else { + fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1); /* Insta CA */ } - fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1); /* Insta CA */ EXECUTE_TEST(execute_validate_msg_test, tear_down); return result; } diff --git a/test/conf_include_test.c b/test/conf_include_test.c index facf960360..2b16c6ebe4 100644 --- a/test/conf_include_test.c 
+++ b/test/conf_include_test.c
@@ -186,7 +186,7 @@ static int test_check_overflow(void)
     char max[(sizeof(long) * 8) / 3 + 3];
     char *p;
 
-    p = max + sprintf(max, "0%ld", LONG_MAX) - 1;
+    p = max + BIO_snprintf(max, sizeof(max), "0%ld", LONG_MAX) - 1;
     setenv("FNORD", max, 1);
     if (!TEST_true(NCONF_get_number(NULL, "missing", "FNORD", &val))
         || !TEST_long_eq(val, LONG_MAX))
diff --git a/test/crltest.c b/test/crltest.c
index 66ee17381d..37fa6c13c2 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -101,6 +101,13 @@ static const char *kRevokedCRL[] = {
     NULL
 };
 
+static const char *kInvalidCRL[] = {
+    "-----BEGIN X509 CRL-----\n",
+    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n",
+    "-----END X509 CRL-----\n",
+    NULL
+};
+
 static const char *kBadIssuerCRL[] = {
     "-----BEGIN X509 CRL-----\n",
     "MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
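Review bot: In test_check_overflow the switch to BIO_snprintf() changes the failure mode of the arithmetic on the same line: BIO_snprintf() returns -1 on truncation, unlike sprintf(), which would set p to `max - 2`, and the later use of p (outside the hunk) would then index before the buffer. max is sized to hold "0" plus the decimal digits of LONG_MAX, so truncation cannot happen today, but that invariant is implicit; either record it, `/* BIO_snprintf() returns -1 on truncation; max is sized so LONG_MAX always fits */`, or check the return value with TEST_int_gt before using it as an offset. test_check_overflow continues outside the hunk.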
@@ -371,24 +378,58 @@ static int test_unknown_critical_crl(int n) return r; } -static int test_reuse_crl(void) +static int test_reuse_crl(int idx) { - X509_CRL *reused_crl = CRL_from_strings(kBasicCRL); - char *p; - BIO *b = glue2bio(kRevokedCRL, &p); + X509_CRL *result, *reused_crl = CRL_from_strings(kBasicCRL); + X509_CRL *addref_crl = NULL; + char *p = NULL; + BIO *b = NULL; + int r = 0; - if (b == NULL) { - OPENSSL_free(p); - X509_CRL_free(reused_crl); - return 0; + if (!TEST_ptr(reused_crl)) + goto err; + + if (idx & 1) { + if (!TEST_true(X509_CRL_up_ref(reused_crl))) + goto err; + addref_crl = reused_crl; } - reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL); + idx >>= 1; + b = glue2bio(idx == 2 ? kRevokedCRL : kInvalidCRL + idx, &p); + if (!TEST_ptr(b)) + goto err; + + result = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL); + + switch (idx) { + case 0: /* valid PEM + invalid DER */ + if (!TEST_ptr_null(result) + || !TEST_ptr_null(reused_crl)) + goto err; + break; + case 1: /* invalid PEM */ + if (!TEST_ptr_null(result) + || !TEST_ptr(reused_crl)) + goto err; + break; + case 2: + if (!TEST_ptr(result) + || !TEST_ptr(reused_crl) + || !TEST_ptr_eq(result, reused_crl)) + goto err; + break; + } + + r = 1; + + err: OPENSSL_free(p); BIO_free(b); X509_CRL_free(reused_crl); - return 1; + X509_CRL_free(addref_crl); + return r; } int setup_tests(void) @@ -402,7 +443,7 @@ int setup_tests(void) ADD_TEST(test_bad_issuer_crl); ADD_TEST(test_known_critical_crl); ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); - ADD_TEST(test_reuse_crl); + ADD_ALL_TESTS(test_reuse_crl, 6); return 1; } diff --git a/test/ct_test.c b/test/ct_test.c index 26d5bc1084..ff253414f8 100644 --- a/test/ct_test.c +++ b/test/ct_test.c 
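Review bot: test_reuse_crl selects its input with `kInvalidCRL + idx`, so for idx 1 glue2bio() receives the array starting at the base64 line, i.e. a blob with no BEGIN line; that is what makes case 1 "invalid PEM", but nothing in the code says so, and `switch (idx)` has no default arm for a value outside 0..2 should the ADD_ALL_TESTS count change. A comment on the glue2bio line would carry the intent, e.g. `/* idx 0: whole kInvalidCRL (PEM armour ok, DER bad); idx 1: skip the BEGIN line so PEM parsing itself fails; idx 2: a valid CRL */`, and `default: goto err;` would catch a stale count. The low bit of idx takes an extra reference before the call, presumably to check that PEM_read_bio_X509_CRL() releasing *x on failure does not invalidate a reference the caller still holds; that is worth a sentence in a header comment on the function as well.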
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -450,13 +450,18 @@ static int test_encode_tls_sct(void) fixture->sct_list = sk_SCT_new_null(); if (fixture->sct_list == NULL) - return 0; + { + tear_down(fixture); + return 0; + } if (!TEST_ptr(sct = SCT_new_from_base64(SCT_VERSION_V1, log_id, CT_LOG_ENTRY_TYPE_X509, timestamp, extensions, signature))) - + { + tear_down(fixture); return 0; + } sk_SCT_push(fixture->sct_list, sct); fixture->sct_dir = ct_dir; diff --git a/test/drbgtest.c b/test/drbgtest.c index 13bc62a4c0..1ac7732bd2 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,12 +28,6 @@ # include #endif -#if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -#endif - #if defined(OPENSSL_SYS_UNIX) # include # include @@ -423,7 +417,7 @@ static int test_rand_reseed_on_fork(EVP_RAND_CTX *primary, presult[0].pindex = presult[1].pindex = i; - sprintf(presult[0].name, "child %d", i); + BIO_snprintf(presult[0].name, sizeof(presult[0].name), "child %d", i); strcpy(presult[1].name, presult[0].name); /* collect the random output of the children */ diff --git a/test/dsatest.c b/test/dsatest.c index 5fa83020f8..b849105d33 100644 --- a/test/dsatest.c +++ b/test/dsatest.c 
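Review bot: The two added failure paths in test_encode_tls_sct put `{` on a line of its own, which departs from the brace placement used on every other `if` in the surrounding code; write them as `if (fixture->sct_list == NULL) {` and `..., signature))) {` so the file stays uniform. The fix itself is right: tear_down() now runs on both early exits instead of leaking the fixture. test_encode_tls_sct continues outside the hunk.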
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -332,6 +332,7 @@ static int test_dsa_sig_infinite_loop(void) BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL, *priv2 = NULL; BIGNUM *badq = NULL, *badpriv = NULL; const unsigned char msg[] = { 0x00 }; + unsigned int signature_len0; unsigned int signature_len; unsigned char signature[64]; @@ -375,10 +376,13 @@ static int test_dsa_sig_infinite_loop(void) goto err; /* Test passing signature as NULL */ - if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len, dsa))) + if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len0, dsa)) + || !TEST_int_gt(signature_len0, 0)) goto err; - if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) + if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)) + || !TEST_int_gt(signature_len, 0) + || !TEST_int_le(signature_len, signature_len0)) goto err; /* Test using a private key of zero fails - this causes an infinite loop without the retry test */ diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c index 5076f9894d..92904cfc42 100644 --- a/test/ec_internal_test.c +++ b/test/ec_internal_test.c 
@@ -155,6 +155,56 @@ static int field_tests_ecp_mont(void) } #ifndef OPENSSL_NO_EC2M +/* Test that decoding of invalid GF2m field parameters fails. */ +static int ec2m_field_sanity(void) +{ + int ret = 0; + BN_CTX *ctx = BN_CTX_new(); + BIGNUM *p, *a, *b; + EC_GROUP *group1 = NULL, *group2 = NULL, *group3 = NULL; + + TEST_info("Testing GF2m hardening\n"); + + BN_CTX_start(ctx); + p = BN_CTX_get(ctx); + a = BN_CTX_get(ctx); + if (!TEST_ptr(b = BN_CTX_get(ctx)) + || !TEST_true(BN_one(a)) + || !TEST_true(BN_one(b))) + goto out; + + /* Even pentanomial value should be rejected */ + if (!TEST_true(BN_set_word(p, 0xf2))) + goto out; + if (!TEST_ptr_null(group1 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) + TEST_error("Zero constant term accepted in GF2m polynomial"); + + /* Odd hexanomial should also be rejected */ + if (!TEST_true(BN_set_word(p, 0xf3))) + goto out; + if (!TEST_ptr_null(group2 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) + TEST_error("Hexanomial accepted as GF2m polynomial"); + + /* Excessive polynomial degree should also be rejected */ + if (!TEST_true(BN_set_word(p, 0x71)) + || !TEST_true(BN_set_bit(p, OPENSSL_ECC_MAX_FIELD_BITS + 1))) + goto out; + if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) + TEST_error("GF2m polynomial degree > %d accepted", + OPENSSL_ECC_MAX_FIELD_BITS); + + ret = group1 == NULL && group2 == NULL && group3 == NULL; + + out: + EC_GROUP_free(group1); + EC_GROUP_free(group2); + EC_GROUP_free(group3); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return ret; +} + /* test EC_GF2m_simple_method directly */ static int field_tests_ec2_simple(void) { @@ -443,6 +493,7 @@ int setup_tests(void) ADD_TEST(field_tests_ecp_simple); ADD_TEST(field_tests_ecp_mont); #ifndef OPENSSL_NO_EC2M + ADD_TEST(ec2m_field_sanity); ADD_TEST(field_tests_ec2_simple); #endif ADD_ALL_TESTS(field_tests_default, crv_len); diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 33a52eb1b5..0ddbf6690d 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c 
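Review bot: `BN_CTX_new()` is assigned to `ctx` without a NULL check and `BN_CTX_start(ctx)` dereferences it a few lines later, so an allocation failure crashes ec2m_field_sanity instead of failing it; `if (!TEST_ptr(ctx = BN_CTX_new())) return 0;` placed before `BN_CTX_start` makes the exit explicit. Checking only `b` out of the three `BN_CTX_get` results is fine, since that API is designed to keep failing once one call has failed, but a one-line comment saying so would spare the next reader the question. The trailing `\n` in `TEST_info("Testing GF2m hardening\n")` is redundant because TEST_info terminates its own line, and the other messages in the function omit it.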
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -350,15 +350,39 @@ static int test_builtin_as_sm2(int n) static int test_ecdsa_sig_NULL(void) { int ret; + unsigned int siglen0; unsigned int siglen; unsigned char dgst[128] = { 0 }; EC_KEY *eckey = NULL; + unsigned char *sig = NULL; + BIGNUM *kinv = NULL, *rp = NULL; ret = TEST_ptr(eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) && TEST_int_eq(EC_KEY_generate_key(eckey), 1) - && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), NULL, &siglen, eckey), 1) - && TEST_int_gt(siglen, 0); + && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), NULL, &siglen0, + eckey), 1) + && TEST_int_gt(siglen0, 0) + && TEST_ptr(sig = OPENSSL_malloc(siglen0)) + && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), sig, &siglen, + eckey), 1) + && TEST_int_gt(siglen, 0) + && TEST_int_le(siglen, siglen0) + && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen, + eckey), 1) + && TEST_int_eq(ECDSA_sign_setup(eckey, NULL, &kinv, &rp), 1) + && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), NULL, &siglen, + kinv, rp, eckey), 1) + && TEST_int_gt(siglen, 0) + && TEST_int_le(siglen, siglen0) + && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), sig, &siglen0, + kinv, rp, eckey), 1) + && TEST_int_eq(siglen, siglen0) + && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen, + eckey), 1); EC_KEY_free(eckey); + OPENSSL_free(sig); + BN_free(kinv); + BN_free(rp); return ret; } diff --git a/test/ecstresstest.c b/test/ecstresstest.c index 22d46c50da..237def095c 100644 --- a/test/ecstresstest.c +++ b/test/ecstresstest.c 
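Review bot: The two length relations in the chain are asserted differently — `TEST_int_le(siglen, siglen0)` after the plain `ECDSA_sign` pair but `TEST_int_eq(siglen, siglen0)` after the `ECDSA_sign_ex` pair — and nothing explains why, although that difference is the substance of the test. A comment above the chain such as `/* With sig == NULL, ECDSA_sign reports an upper bound (ECDSA_size); with kinv/rp supplied, ECDSA_sign_ex produces the actual signature and reports its exact DER length, so the two sign_ex lengths must be equal. */` would keep a maintainer from "fixing" one of the two. That the NULL-buffer sign_ex really performs the signature is inferred here from the equality assertion, so confirm the wording against the implementation before adding it.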
@@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -79,7 +79,7 @@ static int test_curve(void) || !TEST_ptr(point = EC_POINT_dup(EC_GROUP_get0_generator(group), group)) || !TEST_ptr(result = walk_curve(group, point, num_repeats))) - return 0; + goto err; if (print_mode) { BN_print(bio_out, result); diff --git a/test/endecode_test.c b/test/endecode_test.c index e28fd41b75..08a57c3da5 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1032,6 +1032,10 @@ DOMAIN_KEYS(ECExplicitTri2G); IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") # endif +# ifndef OPENSSL_NO_SM2 +KEYS(SM2); +IMPLEMENT_TEST_SUITE(SM2, "SM2", 0) +# endif KEYS(ED25519); IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) KEYS(ED448); 
@@ -1241,6 +1245,28 @@ static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld) return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2)); } # endif /* OPENSSL_NO_EC2M */ + +/* + * Test that multiple calls to OSSL_ENCODER_to_data() do not cause side effects + */ +static int ec_encode_to_data_multi(void) +{ + int ret; + OSSL_ENCODER_CTX *ectx = NULL; + EVP_PKEY *key = NULL; + uint8_t *enc = NULL; + size_t enc_len = 0; + + ret = TEST_ptr(key = EVP_PKEY_Q_keygen(testctx, "", "EC", "P-256")) + && TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(key, EVP_PKEY_KEYPAIR, + "DER", NULL, NULL)) + && TEST_int_eq(OSSL_ENCODER_to_data(ectx, NULL, &enc_len), 1) + && TEST_int_eq(OSSL_ENCODER_to_data(ectx, &enc, &enc_len), 1); + OPENSSL_free(enc); + EVP_PKEY_free(key); + OSSL_ENCODER_CTX_free(ectx); + return ret; +} #endif /* OPENSSL_NO_EC */ typedef enum OPTION_choice { @@ -1337,9 +1363,7 @@ int setup_tests(void) } /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */ - is_fips_3_0_0 = fips_provider_version_eq(testctx, 3, 0, 0); - if (is_fips_3_0_0 < 0) - return 0; + is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0); #ifdef STATIC_LEGACY /* @@ -1396,6 +1420,9 @@ int setup_tests(void) # ifndef OPENSSL_NO_EC2M MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); +# endif +# ifndef OPENSSL_NO_SM2 + MAKE_KEYS(SM2, "SM2", NULL); # endif MAKE_KEYS(ED25519, "ED25519", NULL); MAKE_KEYS(ED448, "ED448", NULL); @@ -1430,6 +1457,7 @@ int setup_tests(void) # endif #endif #ifndef OPENSSL_NO_EC + ADD_TEST(ec_encode_to_data_multi); ADD_TEST_SUITE(EC); ADD_TEST_SUITE_PARAMS(EC); ADD_TEST_SUITE_LEGACY(EC); 
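Review bot: ec_encode_to_data_multi is meant to show that repeated `OSSL_ENCODER_to_data()` calls have no side effects, but the two calls are never compared: the length from the NULL-buffer query is overwritten by the second call and neither `enc_len > 0` nor agreement between the two results is asserted, so the regression it exists for could pass unnoticed. Keeping the first length separately, `size_t enc_len0 = 0;` with `TEST_int_eq(OSSL_ENCODER_to_data(ectx, NULL, &enc_len0), 1) && TEST_int_eq(OSSL_ENCODER_to_data(ectx, &enc, &enc_len), 1) && TEST_size_t_eq(enc_len, enc_len0)`, makes the property observable; whether `enc_len` reports the written size when `*enc` is allocated internally should be confirmed against the encoder documentation. The empty `""` property query passed to `EVP_PKEY_Q_keygen` also deserves a comment if it is intentionally not the file's usual property string.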
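Review bot: Dropping `if (is_fips_3_0_0 < 0) return 0;` means a negative (error) return from `fips_provider_version_eq` is now stored as-is and, being non-zero, silently skips every suite guarded by `if (!is_fips_3_0_0)` instead of failing setup as before. If a negative result is still possible when `is_fips` is set, keep the check after the new assignment: `is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0);` followed by `if (is_fips_3_0_0 < 0) return 0;`. setup_tests starts and ends outside the hunk.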
@@ -1442,6 +1470,12 @@ int setup_tests(void) ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); ADD_TEST_SUITE(ECExplicitTri2G); ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); +# endif +# ifndef OPENSSL_NO_SM2 + if (!is_fips_3_0_0) { + /* 3.0.0 FIPS provider imports explicit EC params and then fails. */ + ADD_TEST_SUITE(SM2); + } # endif ADD_TEST_SUITE(ED25519); ADD_TEST_SUITE(ED448); @@ -1499,6 +1533,9 @@ void cleanup_tests(void) # ifndef OPENSSL_NO_EC2M FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); FREE_DOMAIN_KEYS(ECExplicitTri2G); +# endif +# ifndef OPENSSL_NO_SM2 + FREE_KEYS(SM2); # endif FREE_KEYS(ED25519); FREE_KEYS(ED448); diff --git a/test/enginetest.c b/test/enginetest.c index 8ba999b017..79ffb23054 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -147,9 +147,9 @@ static int test_engines(void) TEST_info("About to beef up the engine-type list"); for (loop = 0; loop < NUMTOADD; loop++) { - sprintf(buf, "id%d", loop); + BIO_snprintf(buf, sizeof(buf), "id%d", loop); eid[loop] = OPENSSL_strdup(buf); - sprintf(buf, "Fake engine type %d", loop); + BIO_snprintf(buf, sizeof(buf), "Fake engine type %d", loop); ename[loop] = OPENSSL_strdup(buf); if (!TEST_ptr(block[loop] = ENGINE_new()) || !TEST_true(ENGINE_set_id(block[loop], eid[loop])) diff --git a/test/evp_byname_test.c b/test/evp_byname_test.c new file mode 100644 index 0000000000..e16e27a3a5 --- /dev/null +++ b/test/evp_byname_test.c 
@@ -0,0 +1,40 @@ +/* + * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include +#include "testutil.h" + +static int test_evp_get_digestbyname(void) +{ + const EVP_MD *md; + + if (!TEST_ptr(md = EVP_get_digestbyname("SHA2-256"))) + return 0; + return 1; +} + +static int test_evp_get_cipherbyname(void) +{ + const EVP_CIPHER *cipher; + + if (!TEST_ptr(cipher = EVP_get_cipherbyname("AES-256-WRAP"))) + return 0; + return 1; +} + +int setup_tests(void) +{ + ADD_TEST(test_evp_get_digestbyname); + ADD_TEST(test_evp_get_cipherbyname); + return 1; +} diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 1972b39405..cf4eb69fb7 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -721,7 +721,9 @@ static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params) if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq))) goto err; - if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) + /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */ + if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0) + || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR, params), 0)) goto err; 
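Review bot: The new evp_byname_test.c does not say what its two lookups regress-test, and the names used (`SHA2-256`, `AES-256-WRAP`) are provider-style names rather than the legacy spellings the by-name functions historically took, which looks deliberate. A one-line comment above each function, e.g. `/* Provider-style algorithm names must resolve through the legacy by-name lookup. */`, would record that intent — hedged, because the purpose is inferred from the chosen names. Each body also collapses to a single statement, `return TEST_ptr(md = EVP_get_digestbyname("SHA2-256"));`, matching the `ret = TEST_...` shape used elsewhere in this diff.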
@@ -2721,6 +2723,47 @@ static int test_emptyikm_HKDF(void) return ret; } +static int test_empty_salt_info_HKDF(void) +{ + EVP_PKEY_CTX *pctx; + unsigned char out[20]; + size_t outlen; + int ret = 0; + unsigned char salt[] = ""; + unsigned char key[] = "012345678901234567890123456789"; + unsigned char info[] = ""; + const unsigned char expected[] = { + 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, + 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06, + }; + size_t expectedlen = sizeof(expected); + + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) + goto done; + + outlen = sizeof(out); + memset(out, 0, outlen); + + if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, + sizeof(salt) - 1), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, + sizeof(key) - 1), 0) + || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, + sizeof(info) - 1), 0) + || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) + || !TEST_mem_eq(out, outlen, expected, expectedlen)) + goto done; + + ret = 1; + + done: + EVP_PKEY_CTX_free(pctx); + + return ret; +} + #ifndef OPENSSL_NO_EC static int test_X509_PUBKEY_inplace(void) { @@ -4886,6 +4929,7 @@ static int custom_md_cleanup(EVP_MD_CTX *ctx) static int test_custom_md_meth(void) { + ASN1_OBJECT *o = NULL; EVP_MD_CTX *mdctx = NULL; EVP_MD *tmp = NULL; char mess[] = "Test Message\n"; 
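Review bot: The `expected` vector in test_empty_salt_info_HKDF has no provenance: nothing says whether the 20 bytes come from a published test case, an independent implementation, or captured output, so a future mismatch cannot be told apart from a wrong vector. A comment above the array naming the source — or stating that it was cross-checked against a second HKDF-SHA256 implementation with empty salt and info — would make the test auditable. A short note that the zero lengths passed via `sizeof(salt) - 1` and `sizeof(info) - 1`, rather than NULL pointers, are the case under test would also help readers, since the function name alone does not distinguish the two.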
@@ -4931,8 +4975,21 @@ static int test_custom_md_meth(void) || !TEST_int_eq(custom_md_cleanup_called, 1)) goto err; + if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1", + "custom-md", "custom-md"), NID_undef) + || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ) + || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS)) + goto err; + + o = ASN1_OBJECT_create(nid, (unsigned char *) + "\53\6\1\4\1\201\201\134\274\373\122\1", 12, + "custom-md", "custom-md"); + if (!TEST_int_eq(OBJ_add_object(o), nid)) + goto err; + testresult = 1; err: + ASN1_OBJECT_free(o); EVP_MD_CTX_free(mdctx); EVP_MD_meth_free(tmp); return testresult; @@ -5583,6 +5640,25 @@ static int test_aes_rc4_keylen_change_cve_2023_5363(void) } #endif +static int test_invalid_ctx_for_digest(void) +{ + int ret; + EVP_MD_CTX *mdctx; + + mdctx = EVP_MD_CTX_new(); + if (!TEST_ptr(mdctx)) + return 0; + + if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0)) + ret = 0; + else + ret = 1; + + EVP_MD_CTX_free(mdctx); + + return ret; +} + int setup_tests(void) { OPTION_CHOICE o; @@ -5660,6 +5736,7 @@ int setup_tests(void) #endif ADD_TEST(test_HKDF); ADD_TEST(test_emptyikm_HKDF); + ADD_TEST(test_empty_salt_info_HKDF); #ifndef OPENSSL_NO_EC ADD_TEST(test_X509_PUBKEY_inplace); ADD_TEST(test_X509_PUBKEY_dup); @@ -5753,6 +5830,8 @@ int setup_tests(void) ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); #endif + ADD_TEST(test_invalid_ctx_for_digest); + return 1; } diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index 32ca15bc9a..1665ac4273 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
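Review bot: `o = ASN1_OBJECT_create(...)` is not checked for NULL before `OBJ_add_object(o)`, so an allocation failure surfaces as a mismatch inside OBJ_add_object rather than at its source; `if (!TEST_ptr(o = ASN1_OBJECT_create(nid, ...)) || !TEST_int_eq(OBJ_add_object(o), nid)) goto err;` catches it where it happens. The 12-byte octal literal is the DER content of the OID on the `OBJ_create` line above and must stay in sync with it, which deserves a comment such as `/* DER encoding of 1.3.6.1.4.1.16604.998866.1 */`. Freeing `o` at `err` is correct only because OBJ_add_object copies the object rather than taking ownership; a one-line comment stating that saves the next reader the lookup. test_custom_md_meth starts outside the hunk.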
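Review bot: The `if (!TEST_int_eq(...)) ret = 0; else ret = 1;` in test_invalid_ctx_for_digest merely copies the macro's own result, so `ret = TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0);` says the same in one line and lets `ret` be declared where it is assigned. A comment on what is being pinned — presumably that an update on a context with no digest initialised is rejected cleanly instead of faulting — would document the regression the test guards.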
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index a3dd4a5b03..8051af166e 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -857,7 +857,7 @@ err: #ifndef OPENSSL_NO_SCRYPT static int test_kdf_scrypt(void) { - int ret; + int i, ret; EVP_KDF_CTX *kctx; OSSL_PARAM params[7], *p = params; unsigned char out[64]; @@ -883,15 +883,21 @@ static int test_kdf_scrypt(void) *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); *p = OSSL_PARAM_construct_end(); - ret = - TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) - /* failure test *//* - && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)*/ - && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1)) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0) - && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT)); + for (i = 0; ret && i < 2; ++i) { + ret = ret + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)); + if (i == 0) + ret = ret + && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0) + && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1)); + ret = ret + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + if (i == 0) + EVP_KDF_CTX_reset(kctx); + } EVP_KDF_CTX_free(kctx); return ret; 
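Review bot: The two-iteration loop in test_kdf_scrypt encodes a non-obvious sequence — derive is expected to fail with the initial maxmem, maxmem is then raised in place through `p - 1`, derive succeeds, the context is reset, and the second pass must succeed again because the raised value persists in `params` — and none of that is written down now that the old `/* failure test */` comment is gone. A comment above the loop describing the two passes, e.g. `/* Pass 0: derive must fail under the default maxmem, then succeed once maxmem is raised in place; pass 1: after a reset the same params must still succeed. */`, would keep the test maintainable. The `ret = ret && ...` prefixes are redundant inside `for (...; ret && i < 2; ...)`, where ret is already true on entry; `ret = TEST_true(...)` reads cleaner. test_kdf_scrypt continues past the end of the hunk.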
@@ -1966,6 +1972,64 @@ err: return ret; } +/* Test that changing the KBKDF algorithm from KMAC to HMAC works correctly */ +static int test_kbkdf_mac_change(void) +{ + int ret = 0; + EVP_KDF_CTX *kctx = NULL; + OSSL_PARAM params[9], *p = params; + /* Test data taken from the evptest corpus */ + int l = 0, sep = 0, r = 8; + static /* const */ unsigned char key[] = { + 0x3e, 0xdc, 0x6b, 0x5b, 0x8f, 0x7a, 0xad, 0xbd, + 0x71, 0x37, 0x32, 0xb4, 0x82, 0xb8, 0xf9, 0x79, + 0x28, 0x6e, 0x1e, 0xa3, 0xb8, 0xf8, 0xf9, 0x9c, + 0x30, 0xc8, 0x84, 0xcf, 0xe3, 0x34, 0x9b, 0x83 + }; + static /* const */ unsigned char info[] = { + 0x98, 0xe9, 0x98, 0x8b, 0xb4, 0xcc, 0x8b, 0x34, + 0xd7, 0x92, 0x2e, 0x1c, 0x68, 0xad, 0x69, 0x2b, + 0xa2, 0xa1, 0xd9, 0xae, 0x15, 0x14, 0x95, 0x71, + 0x67, 0x5f, 0x17, 0xa7, 0x7a, 0xd4, 0x9e, 0x80, + 0xc8, 0xd2, 0xa8, 0x5e, 0x83, 0x1a, 0x26, 0x44, + 0x5b, 0x1f, 0x0f, 0xf4, 0x4d, 0x70, 0x84, 0xa1, + 0x72, 0x06, 0xb4, 0x89, 0x6c, 0x81, 0x12, 0xda, + 0xad, 0x18, 0x60, 0x5a + }; + static const unsigned char output[] = { + 0x6c, 0x03, 0x76, 0x52, 0x99, 0x06, 0x74, 0xa0, + 0x78, 0x44, 0x73, 0x2d, 0x0a, 0xd9, 0x85, 0xf9 + }; + unsigned char out[sizeof(output)]; + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, + OSSL_MAC_NAME_KMAC128, 0); + params[1] = OSSL_PARAM_construct_end(); + if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KBKDF)) + || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))) + goto err; + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, "COUNTER", 0); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "HMAC", 0); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, "SHA256", 0); + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &l); + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, &sep); + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_R, &r); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + key, sizeof(key)); + *p++ = 
OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + info, sizeof(info)); + *p = OSSL_PARAM_construct_end(); + if (!TEST_true(EVP_KDF_derive(kctx, out, sizeof(out), params)) + || !TEST_mem_eq(out, sizeof(out), output, sizeof(output))) + goto err; + + ret = 1; +err: + EVP_KDF_CTX_free(kctx); + return ret; +} + int setup_tests(void) { ADD_TEST(test_kdf_pbkdf1); @@ -2029,5 +2093,6 @@ int setup_tests(void) ADD_TEST(test_kdf_krb5kdf); ADD_TEST(test_kdf_hmac_drbg_settables); ADD_TEST(test_kdf_hmac_drbg_gettables); + ADD_TEST(test_kbkdf_mac_change); return 1; } diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index 3d8cd53c43..b1c90a892b 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,6 +38,8 @@ static OSSL_LIB_CTX *libctx = NULL; static OSSL_PROVIDER *nullprov = NULL; static OSSL_PROVIDER *libprov = NULL; static STACK_OF(OPENSSL_STRING) *cipher_names = NULL; +static int is_fips = 0; +static int is_fips_lt_3_5 = 0; typedef enum OPTION_choice { OPT_ERR = -1, @@ -538,7 +540,7 @@ static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv) size_t len = 0; OSSL_ENCODER_CTX *ectx = NULL; - if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits)) + if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)bits)) || !TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(*priv, EVP_PKEY_PUBLIC_KEY, 
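Review bot: The `static /* const */ unsigned char key[]` and `info[]` declarations carry a commented-out const with no explanation; the reason is presumably that `OSSL_PARAM_construct_octet_string` takes a non-const `void *`, and a comment saying so — `/* not const: OSSL_PARAM_construct_octet_string takes void * */` — would stop someone from restoring it. The bare `int l = 0, sep = 0, r = 8;` would read better named after what they configure (`use_l`, `use_separator`, `counter_len`), matching the OSSL_KDF_PARAM_KBKDF_* entries they feed. Reusing `params[0..1]` for the initial KMAC set-up and then overwriting the array through `p` is fine, but a one-line comment at the second block, noting that the MAC switch from KMAC128 to HMAC is the case under test, would make the structure obvious.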
@@ -573,6 +575,8 @@ static int kem_rsa_gen_recover(void) && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1) && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1) && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx)) + /* Test that providing a NULL wrappedlen fails */ + && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, NULL, NULL, NULL), 0) && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL, &secretlen), 1) && TEST_int_eq(ctlen, secretlen) @@ -582,11 +586,26 @@ static int kem_rsa_gen_recover(void) && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1) && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1) + /* Test that providing a NULL unwrappedlen fails */ + && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, NULL, ct, ctlen), 0) && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen, ct, ctlen), 1) && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, ct, ctlen), 1) && TEST_mem_eq(unwrap, unwraplen, secret, secretlen); + + /* Test that providing a too short unwrapped/ctlen fails */ + if (fips_provider_version_match(libctx, ">=3.4.0")) { + ctlen = 1; + if (!TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret, + &secretlen), 0)) + ret = 0; + unwraplen = 1; + if (!TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, ct, + ctlen), 0)) + ret = 0; + } + EVP_PKEY_free(pub); EVP_PKEY_free(priv); EVP_PKEY_CTX_free(rctx); 
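Review bot: In the new too-short-buffer block, `ctlen = 1` is then reused as the ciphertext length for `EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, ct, ctlen)`, so that call (unless the failed encapsulate rewrote ctlen) feeds a 1-byte ciphertext and its failure no longer shows that a short `unwraplen` is rejected, which is what the comment claims. Using a scratch length for both calls keeps the real ciphertext length intact: `size_t shortlen = 1;` then `EVP_PKEY_encapsulate(dctx, ct, &shortlen, secret, &secretlen)` and `shortlen = 1; EVP_PKEY_decapsulate(rctx, unwrap, &shortlen, ct, ctlen)`. What `fips_provider_version_match(libctx, ">=3.4.0")` returns when no FIPS provider is loaded decides whether the default provider is covered by this block at all, and a comment should say which is intended. kem_rsa_gen_recover starts and ends outside the hunk.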
@@ -633,59 +652,61 @@ static int kem_rsa_params(void) size_t ctlen = 0, secretlen = 0; ret = TEST_true(rsa_keygen(2048, &pub, &priv)) - && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) - && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) - /* Test setting kem op before the init fails */ - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2) - /* Test NULL ctx passed */ - && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0) - && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0) - && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0) - && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0) - /* Test Invalid operation */ - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1) - && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0) - /* Wrong key component - no secret should be returned on failure */ - && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1) - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) - && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct, - sizeof(ct)), 0) - && TEST_uchar_eq(secret[0], 0) - /* Test encapsulate fails if the mode is not set */ - && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1) - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2) - /* Test setting a bad kem ops fail */ - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0) - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0) - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0) - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0) - /* Test secretlen is optional */ - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1) - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) - /* Test outlen is optional */ - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, 
&secretlen), 1) - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1) - /* test that either len must be set if out is NULL */ - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0) - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1) - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1) - /* Secret buffer should be set if there is an output buffer */ - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0) - /* Test that lengths are optional if ct is not NULL */ - && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1) - /* Pass if secret or secret length are not NULL */ - && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1) - && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1) - && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1) - && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1) - && TEST_int_eq(secretlen, 256) - /* Fail if passed NULL arguments */ - && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0) - && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0) - && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0) - && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0); + && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) + && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) + /* Test setting kem op before the init fails */ + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2) + /* Test NULL ctx passed */ + && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0) + && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0) + && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0) + && TEST_int_eq(EVP_PKEY_decapsulate(NULL, 
NULL, NULL, NULL, 0), 0) + /* Test Invalid operation */ + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1) + && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0) + /* Wrong key component - no secret should be returned on failure */ + && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1) + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) + && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct, + sizeof(ct)), 0) + && TEST_uchar_eq(secret[0], 0) + /* Unless newer FIPS, test encapsulate fails when the mode is not set. */ + && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1) + && (!is_fips_lt_3_5 || + TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)) + /* Test setting a bad kem ops fail */ + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0) + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0) + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0) + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0) + /* Test secretlen is optional */ + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1) + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) + /* Test outlen is optional */ + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1) + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1) + /* test that either len must be set if out is NULL */ + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0) + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1) + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1) + /* Secret buffer should be set if there is an output buffer */ + && 
TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0) + /* Test that lengths are optional if ct is not NULL */ + && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1) + /* Pass if secret or secret length are not NULL */ + && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1) + && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1) + && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1) + && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1) + && TEST_int_eq(secretlen, 256) + /* Fail if passed NULL arguments */ + && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0) + && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0) + && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0) + && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0); EVP_PKEY_free(pub); EVP_PKEY_free(priv); @@ -764,8 +785,14 @@ int setup_tests(void) ADD_TEST(test_evp_cipher_api_safety); + if (strcmp(prov_name, "fips") == 0) + is_fips = 1; + + is_fips_lt_3_5 = is_fips && fips_provider_version_lt(libctx, 3, 5, 0); + #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) - ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); + if (!is_fips || fips_provider_version_lt(libctx, 3, 4, 0)) + ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); #endif #ifndef OPENSSL_NO_DH ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index f0c88bc541..a51a4a3c07 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
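Review bot: The new guard `(!is_fips_lt_3_5 || TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2))` runs the mode-not-set check only when a pre-3.5 FIPS provider is loaded and skips it for the default provider too, while the comment above it, `Unless newer FIPS, test encapsulate fails when the mode is not set.`, reads as if only newer FIPS were excluded. If skipping the default provider is intended — plausible, since the in-tree default provider presumably shares the newer behaviour — reword the comment to `/* Only a pre-3.5 FIPS provider returns -2 when the KEM op is not set. */`; if not, the guard needs a separate "FIPS 3.5 or newer" flag rather than `is_fips_lt_3_5`. The remainder of the hunk is re-indentation of the existing chain, so the guard is the only line that changes behaviour. kem_rsa_params starts outside the hunk.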
diff --git a/test/evp_test.c b/test/evp_test.c index a79ece903c..5634631703 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c index e0422469e4..f611b3a078 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -348,6 +348,12 @@ static int parse_protos(const char *protos, unsigned char **out, size_t *outlen) len = strlen(protos); + if (len == 0) { + *out = NULL; + *outlen = 0; + return 1; + } + /* Should never have reuse. */ if (!TEST_ptr_null(*out) /* Test values are small, so we omit length limit checks. */ diff --git a/test/helpers/noisydgrambio.c b/test/helpers/noisydgrambio.c index 4660250e9c..2edd9835bb 100644 --- a/test/helpers/noisydgrambio.c +++ b/test/helpers/noisydgrambio.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/helpers/quictestlib.c b/test/helpers/quictestlib.c index 0454e332cf..680606e59d 100644 --- a/test/helpers/quictestlib.c +++ b/test/helpers/quictestlib.c 
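Review bot: The new `len == 0` early return assigns `*out = NULL` ahead of the existing `TEST_ptr_null(*out)` reuse check on the following context line, so a caller that passes an already-populated `*out` with an empty string now has the old buffer silently dropped (leaked) instead of caught. Placing the early return after the reuse check, or adding `if (!TEST_ptr_null(*out)) return 0;` inside the new block, preserves the invariant the `Should never have reuse` comment documents. parse_protos starts and ends outside the hunk.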
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/helpers/quictestlib.h b/test/helpers/quictestlib.h index d9d01f7fc1..6bb745ba36 100644 --- a/test/helpers/quictestlib.h +++ b/test/helpers/quictestlib.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c index 906aed4b47..c441199ea4 100644 --- a/test/helpers/ssltestlib.c +++ b/test/helpers/ssltestlib.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,17 @@ * https://www.openssl.org/source/license.html */ +/* + * We need access to the deprecated low level ENGINE APIs for legacy purposes + * when the deprecated calls are not hidden + */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OPENSSL_SUPPRESS_DEPRECATED +#endif + #include +#include #include "internal/e_os.h" #include "internal/nelem.h" #include "ssltestlib.h" 
@@ -1451,3 +1460,27 @@ int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx, X509_free(chaincert); return ret; } + +ENGINE *load_dasync(void) +{ +#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) + ENGINE *e; + + if (!TEST_ptr(e = ENGINE_by_id("dasync"))) + return NULL; + + if (!TEST_true(ENGINE_init(e))) { + ENGINE_free(e); + return NULL; + } + + if (!TEST_true(ENGINE_register_ciphers(e))) { + ENGINE_free(e); + return NULL; + } + + return e; +#else + return NULL; +#endif +} diff --git a/test/helpers/ssltestlib.h b/test/helpers/ssltestlib.h index 871f9bd52e..60256d2d5e 100644 --- a/test/helpers/ssltestlib.h +++ b/test/helpers/ssltestlib.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -81,4 +81,6 @@ SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize); int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx, const char *cert_file); +ENGINE *load_dasync(void); + #endif /* OSSL_TEST_SSLTESTLIB_H */ diff --git a/test/hexstr_test.c b/test/hexstr_test.c index 5a9684e0e6..566615ed6d 100644 --- a/test/hexstr_test.c +++ b/test/hexstr_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. 
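Review bot: In load_dasync the failure branch after a successful ENGINE_init() only calls ENGINE_free() when ENGINE_register_ciphers() fails, so the functional reference taken by ENGINE_init() is never released and the engine is left initialised. That branch should read `ENGINE_finish(e); ENGINE_free(e); return NULL;`. A short header comment would also help callers, e.g. `/* Load, initialise and register the dasync engine; returns NULL when dynamic engines or TLSv1.2 are compiled out. */`, and if callers are expected to ENGINE_finish()/ENGINE_free() the result that obligation should be stated there too (inferred from the references taken here; confirm against the existing callers).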
@@ -120,9 +120,14 @@ static int test_hexstr_ex_to_from(int test_index) return TEST_true(OPENSSL_hexstr2buf_ex(buf, sizeof(buf), &len, test->in, ':')) && TEST_mem_eq(buf, len, test->expected, test->expected_len) + && TEST_false(OPENSSL_buf2hexstr_ex(out, 3 * len - 1, NULL, buf, len, + ':')) && TEST_true(OPENSSL_buf2hexstr_ex(out, sizeof(out), NULL, buf, len, - ':')) - && TEST_str_eq(out, test->in); + ':')) + && TEST_str_eq(out, test->in) + && TEST_true(OPENSSL_buf2hexstr_ex(out, sizeof(out), NULL, buf, 0, + ':')) + && TEST_size_t_eq(strlen(out), 0); } int setup_tests(void) diff --git a/test/hmactest.c b/test/hmactest.c index 8f5bf32f87..0a29c58731 100644 --- a/test/hmactest.c +++ b/test/hmactest.c @@ -275,19 +275,21 @@ static int test_hmac_copy_uninited(void) return res; } -# ifndef OPENSSL_NO_MD5 +#ifndef OPENSSL_NO_MD5 +# define OSSL_HEX_CHARS_PER_BYTE 2 static char *pt(unsigned char *md, unsigned int len) { unsigned int i; - static char buf[80]; + static char buf[201]; if (md == NULL) return NULL; - for (i = 0; i < len; i++) - sprintf(&(buf[i * 2]), "%02x", md[i]); + for (i = 0; i < len && (i + 1) * OSSL_HEX_CHARS_PER_BYTE < sizeof(buf); i++) + BIO_snprintf(buf + i * OSSL_HEX_CHARS_PER_BYTE, + OSSL_HEX_CHARS_PER_BYTE + 1, "%02x", md[i]); return buf; } -# endif +#endif int setup_tests(void) { diff --git a/test/http_test.c b/test/http_test.c index 8015ca1960..61040be320 100644 --- a/test/http_test.c +++ b/test/http_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/test/json_test.c b/test/json_test.c index db3038d766..33d9522dd0 100644 --- a/test/json_test.c +++ b/test/json_test.c 
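Review bot: The new loop bound in pt() silently truncates the hex string once `len` exceeds 100 bytes (`buf[201]`) rather than reporting it, so an oversized digest would surface as a confusing string mismatch in the caller instead of a clear failure. Since pt() already returns NULL for a NULL digest, returning NULL when `len * OSSL_HEX_CHARS_PER_BYTE >= sizeof(buf)` would be consistent, with a comment such as `/* buf holds at most 100 digest bytes as hex plus the terminator */`. The function also hands out a static buffer, so the returned pointer is only valid until the next call; that is worth a one-line comment above the function.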
@@ -1,5 +1,5 @@ /* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -144,6 +144,15 @@ typedef void (*fp_pz_type)(OSSL_JSON_ENC *, const void *, size_t); return &script_info; \ } +#ifdef OPENSSL_SYS_VMS +/* + * The VMS C compiler recognises \u in strings, and emits a warning, which + * stops the build. Because we think we know what we're doing, we change that + * particular message to be merely informational. + */ +# pragma message informational UCNNOMAP +#endif + #define END_SCRIPT_EXPECTING_S(s) END_SCRIPT_EXPECTING(s, SIZE_MAX) #define END_SCRIPT_EXPECTING_Q(s) END_SCRIPT_EXPECTING(#s, sizeof(#s) - 1) diff --git a/test/keymgmt_internal_test.c b/test/keymgmt_internal_test.c index a25b109364..8d5aa22dab 100644 --- a/test/keymgmt_internal_test.c +++ b/test/keymgmt_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/memleaktest.c b/test/memleaktest.c index 97827b8e9c..8761686773 100644 --- a/test/memleaktest.c +++ b/test/memleaktest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,7 +44,7 @@ int main(int argc, char *argv[]) */ int exitcode = EXIT_FAILURE; #endif - char *lost; + char *volatile lost; lost = OPENSSL_malloc(3); if (!TEST_ptr(lost)) 
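Review bot: `char *volatile lost;` in memleaktest's main() carries no explanation, and a reader will be tempted to remove the qualifier as noise. The intent is presumably to stop the compiler from optimising the deliberately leaked allocation in a way that defeats the leak checker, but that is inferred, so a comment confirming the real reason belongs above the declaration, e.g. `/* volatile: keep the deliberately leaked pointer observable to the leak checker under optimisation (TODO confirm wording with author) */`. main() continues outside the hunk.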
diff --git a/test/nocache-and-default.cnf b/test/nocache-and-default.cnf new file mode 100644 index 0000000000..cf5ca8d114 --- /dev/null +++ b/test/nocache-and-default.cnf @@ -0,0 +1,18 @@ +openssl_conf = openssl_init + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + +[openssl_init] +providers = provider_sect + +[provider_sect] +test = test_sect +default = default_sect + +[test_sect] +module = ../test/p_test.so +activate = true + +[default_sect] +activate = true diff --git a/test/p_test.c b/test/p_test.c index b27a38c13e..05f71ec834 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -16,6 +16,8 @@ #include #include +#include + /* * When built as an object file to link the application with, we get the * init function name through the macro PROVIDER_INIT_FUNCTION_NAME. If @@ -46,6 +48,7 @@ static OSSL_FUNC_core_get_params_fn *c_get_params = NULL; static OSSL_FUNC_core_new_error_fn *c_new_error; static OSSL_FUNC_core_set_error_debug_fn *c_set_error_debug; static OSSL_FUNC_core_vset_error_fn *c_vset_error; +static OSSL_FUNC_BIO_vsnprintf_fn *c_BIO_vsnprintf; /* Tell the core what params we provide and what type they are */ static const OSSL_PARAM p_param_types[] = { @@ -60,6 +63,17 @@ static OSSL_FUNC_provider_get_params_fn p_get_params; static OSSL_FUNC_provider_get_reason_strings_fn p_get_reason_strings; static OSSL_FUNC_provider_teardown_fn p_teardown; +static int local_snprintf(char *buf, size_t n, const char *format, ...) +{ + va_list args; + int ret; + + va_start(args, format); + ret = (*c_BIO_vsnprintf)(buf, n, format, args); + va_end(args); + return ret; +} + static void p_set_error(int lib, int reason, const char *file, int line, const char *func, const char *fmt, ...) { 
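Review bot: local_snprintf dereferences `c_BIO_vsnprintf` unconditionally, but that pointer is only assigned when the core's dispatch table offers OSSL_FUNC_BIO_VSNPRINTF (the new `case` in OSSL_provider_init in a later hunk), so a core that does not supply it makes the local_snprintf calls in p_get_params crash on a NULL function pointer. A guard before the call, `if (c_BIO_vsnprintf == NULL) { if (n > 0) buf[0] = '\0'; return -1; }`, keeps the provider loadable against such a core. p_get_params also ignores local_snprintf's return value, so truncation of the greeting goes unnoticed; tolerable for a test provider, but worth a comment at the call site.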
@@ -114,11 +128,11 @@ static int p_get_params(void *provctx, OSSL_PARAM params[]) const char *versionp = *(void **)counter_request[0].data; const char *namep = *(void **)counter_request[1].data; - sprintf(buf, "Hello OpenSSL %.20s, greetings from %s!", - versionp, namep); + local_snprintf(buf, sizeof(buf), "Hello OpenSSL %.20s, greetings from %s!", + versionp, namep); } } else { - sprintf(buf, "Howdy stranger..."); + local_snprintf(buf, sizeof(buf), "Howdy stranger..."); } p->return_size = buf_l = strlen(buf) + 1; @@ -216,12 +230,21 @@ static const OSSL_ITEM *p_get_reason_strings(void *_) return reason_strings; } +static const OSSL_ALGORITHM *p_query(OSSL_PROVIDER *prov, + int operation_id, + int *no_cache) +{ + *no_cache = 1; + return NULL; +} + static const OSSL_DISPATCH p_test_table[] = { { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))p_get_params }, { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, (void (*)(void))p_get_reason_strings}, { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query }, OSSL_DISPATCH_END }; @@ -250,6 +273,9 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, case OSSL_FUNC_CORE_VSET_ERROR: c_vset_error = OSSL_FUNC_core_vset_error(in); break; + case OSSL_FUNC_BIO_VSNPRINTF: + c_BIO_vsnprintf = OSSL_FUNC_BIO_vsnprintf(in); + break; default: /* Just ignore anything we don't understand */ break; diff --git a/test/pairwise_fail_test.c b/test/pairwise_fail_test.c index 9ce11a15fc..0e46aba2ad 100644 --- a/test/pairwise_fail_test.c +++ b/test/pairwise_fail_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -96,7 +96,7 @@ static int test_keygen_pairwise_failure(void) if (strcmp(pairwise_name, "rsa") == 0) { if (!TEST_true(setup_selftest_pairwise_failure(type))) goto err; - if (!TEST_ptr_null(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048))) + if (!TEST_ptr_null(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)2048))) goto err; } else if (strncmp(pairwise_name, "ec", 2) == 0) { if (strcmp(pairwise_name, "eckat") == 0) diff --git a/test/params_api_test.c b/test/params_api_test.c index 941b05c4d3..715c2718bb 100644 --- a/test/params_api_test.c +++ b/test/params_api_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/test/params_test.c b/test/params_test.c index a4b17ddf8f..cd3c836c7e 100644 --- a/test/params_test.c +++ b/test/params_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/test/pathed.cnf b/test/pathed.cnf new file mode 100644 index 0000000000..07bdc1fdb2 --- /dev/null +++ b/test/pathed.cnf @@ -0,0 +1,22 @@ +openssl_conf = openssl_init + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + +[openssl_init] +providers = provider_sect + +[provider_sect] +default = default_sect +legacy = legacy_sect +test = test_sect + +[test_sect] +module = ../test/p_test.so +activate = false + +[default_sect] +activate = true + +[legacy_sect] +activate = false diff --git a/test/pkcs12_format_test.c b/test/pkcs12_format_test.c index 2c28040a3e..96e3a0462c 100644 --- a/test/pkcs12_format_test.c 
+++ b/test/pkcs12_format_test.c @@ -369,7 +369,8 @@ static int test_single_key(PKCS12_ENC *enc) char fname[80]; PKCS12_BUILDER *pb; - sprintf(fname, "1key_ciph-%s_iter-%d.p12", OBJ_nid2sn(enc->nid), enc->iter); + BIO_snprintf(fname, sizeof(fname), "1key_ciph-%s_iter-%d.p12", + OBJ_nid2sn(enc->nid), enc->iter); pb = new_pkcs12_builder(fname); @@ -468,7 +469,8 @@ static int test_single_cert_mac(PKCS12_ENC *mac) char fname[80]; PKCS12_BUILDER *pb; - sprintf(fname, "1cert_mac-%s_iter-%d.p12", OBJ_nid2sn(mac->nid), mac->iter); + BIO_snprintf(fname, sizeof(fname), "1cert_mac-%s_iter-%d.p12", + OBJ_nid2sn(mac->nid), mac->iter); pb = new_pkcs12_builder(fname); @@ -628,7 +630,8 @@ static int test_single_secret(PKCS12_ENC *enc) char fname[80]; PKCS12_BUILDER *pb; - sprintf(fname, "1secret_ciph-%s_iter-%d.p12", OBJ_nid2sn(enc->nid), enc->iter); + BIO_snprintf(fname, sizeof(fname), "1secret_ciph-%s_iter-%d.p12", + OBJ_nid2sn(enc->nid), enc->iter); pb = new_pkcs12_builder(fname); custom_nid = get_custom_oid(); diff --git a/test/pkey_meth_kdf_test.c b/test/pkey_meth_kdf_test.c index f816d24fb5..ad58adf482 100644 --- a/test/pkey_meth_kdf_test.c +++ b/test/pkey_meth_kdf_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ #include #include "testutil.h" -static int test_kdf_tls1_prf(void) +static int test_kdf_tls1_prf(int index) { int ret = 0; EVP_PKEY_CTX *pctx; 
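Review bot: The BIO_snprintf() calls in test_single_key, test_single_cert_mac and test_single_secret discard the return value, so a name that does not fit `fname[80]` is silently truncated (BIO_snprintf signals truncation with a negative return, unlike C99 snprintf) and the test carries on with a truncated file name. Wrapping it, e.g. `if (!TEST_int_ge(BIO_snprintf(fname, sizeof(fname), "1key_ciph-%s_iter-%d.p12", OBJ_nid2sn(enc->nid), enc->iter), 0)) return 0;`, turns that into an explicit failure; the same applies to the other two hunks in this file. Each function continues outside its hunk.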
@@ -40,10 +40,23 @@ static int test_kdf_tls1_prf(void) TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret"); goto err; } - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, - (unsigned char *)"seed", 4) <= 0) { - TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); - goto err; + if (index == 0) { + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, + (unsigned char *)"seed", 4) <= 0) { + TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); + goto err; + } + } else { + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, + (unsigned char *)"se", 2) <= 0) { + TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); + goto err; + } + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, + (unsigned char *)"ed", 2) <= 0) { + TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); + goto err; + } } if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { TEST_error("EVP_PKEY_derive"); @@ -65,7 +78,7 @@ err: return ret; } -static int test_kdf_hkdf(void) +static int test_kdf_hkdf(int index) { int ret = 0; EVP_PKEY_CTX *pctx; @@ -94,10 +107,23 @@ static int test_kdf_hkdf(void) TEST_error("EVP_PKEY_CTX_set1_hkdf_key"); goto err; } - if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) + if (index == 0) { + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) <= 0) { - TEST_error("EVP_PKEY_CTX_set1_hkdf_info"); - goto err; + TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); + goto err; + } + } else { + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"lab", 3) + <= 0) { + TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); + goto err; + } + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"el", 2) + <= 0) { + TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); + goto err; + } } if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { TEST_error("EVP_PKEY_derive"); 
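Review bot: The `index != 0` branches in test_kdf_tls1_prf and test_kdf_hkdf feed the seed/info in two pieces without saying what that verifies, and the gate in setup_tests (`fips_provider_version_ge(NULL, 3, 3, 1)`, next hunk) gives no reason for that particular version. A comment at the branch such as `/* index 1: supply the seed in two add1 calls to check that successive calls are concatenated */`, plus one above the version gate naming why older FIPS providers are excluded, would make the intent self-evident; the reason for 3.3.1 is inferred here and should be confirmed. Both functions' expected-output checks lie outside the hunks.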
@@ -195,8 +221,13 @@ err: int setup_tests(void) { - ADD_TEST(test_kdf_tls1_prf); - ADD_TEST(test_kdf_hkdf); + int tests = 1; + + if (fips_provider_version_ge(NULL, 3, 3, 1)) + tests = 2; + + ADD_ALL_TESTS(test_kdf_tls1_prf, tests); + ADD_ALL_TESTS(test_kdf_hkdf, tests); #ifndef OPENSSL_NO_SCRYPT ADD_TEST(test_kdf_scrypt); #endif diff --git a/test/prov_config_test.c b/test/prov_config_test.c index b44ec78d8d..2fd913dead 100644 --- a/test/prov_config_test.c +++ b/test/prov_config_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +7,14 @@ * https://www.openssl.org/source/license.html */ +#include #include #include #include "testutil.h" static char *configfile = NULL; static char *recurseconfigfile = NULL; +static char *pathedconfig = NULL; /* * Test to make sure there are no leaks or failures from loading the config @@ -24,15 +26,13 @@ static int test_double_config(void) int testresult = 0; EVP_MD *sha256 = NULL; - if (!TEST_ptr(configfile)) - return 0; if (!TEST_ptr(ctx)) return 0; if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile))) - return 0; + goto err; if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile))) - return 0; + goto err; /* Check we can actually fetch something */ sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL); @@ -52,9 +52,6 @@ static int test_recursive_config(void) int testresult = 0; unsigned long err; - if (!TEST_ptr(recurseconfigfile)) - goto err; - if (!TEST_ptr(ctx)) goto err; 
@@ -70,6 +67,54 @@ static int test_recursive_config(void) return testresult; } +#define P_TEST_PATH "/../test/p_test.so" +static int test_path_config(void) +{ + OSSL_LIB_CTX *ctx = NULL; + OSSL_PROVIDER *prov; + int testresult = 0; + struct stat sbuf; + char *module_path = getenv("OPENSSL_MODULES"); + char *full_path = NULL; + int rc; + + if (!TEST_ptr(module_path)) + return 0; + + full_path = OPENSSL_zalloc(strlen(module_path) + strlen(P_TEST_PATH) + 1); + if (!TEST_ptr(full_path)) + return 0; + + strcpy(full_path, module_path); + full_path = strcat(full_path, P_TEST_PATH); + TEST_info("full path is %s", full_path); + rc = stat(full_path, &sbuf); + OPENSSL_free(full_path); + if (rc == -1) + return TEST_skip("Skipping modulepath test as provider not present"); + + if (!TEST_ptr(pathedconfig)) + return 0; + + ctx = OSSL_LIB_CTX_new(); + if (!TEST_ptr(ctx)) + return 0; + + if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, pathedconfig))) + goto err; + + /* attempt to manually load the test provider */ + if (!TEST_ptr(prov = OSSL_PROVIDER_load(ctx, "test"))) + goto err; + + OSSL_PROVIDER_unload(prov); + + testresult = 1; + err: + OSSL_LIB_CTX_free(ctx); + return testresult; +} + OPT_TEST_DECLARE_USAGE("configfile\n") int setup_tests(void) @@ -85,7 +130,11 @@ int setup_tests(void) if (!TEST_ptr(recurseconfigfile = test_get_argument(1))) return 0; + if (!TEST_ptr(pathedconfig = test_get_argument(2))) + return 0; + ADD_TEST(test_recursive_config); ADD_TEST(test_double_config); + ADD_TEST(test_path_config); return 1; } diff --git a/test/provider_fallback_test.c b/test/provider_fallback_test.c index 5902f57c85..26ba9ea1dc 100644 --- a/test/provider_fallback_test.c +++ b/test/provider_fallback_test.c 
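Review bot: test_path_config builds the module path with strcpy()/strcat() and then reassigns `full_path = strcat(full_path, P_TEST_PATH)`, which is only safe because the OPENSSL_zalloc() size was computed from the same two strings a line earlier. Keeping the length in a local and writing `BIO_snprintf(full_path, len, "%s%s", module_path, P_TEST_PATH);` (or OPENSSL_strlcpy/OPENSSL_strlcat) ties the bound to the write and drops the confusing self-assignment. The ` err:` label is also indented with a leading space, unlike the labels elsewhere in this file.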
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,9 +39,15 @@ static int test_explicit_provider(void) int ok; ok = TEST_ptr(ctx = OSSL_LIB_CTX_new()) - && TEST_ptr(prov = OSSL_PROVIDER_load(ctx, "default")) - && test_provider(ctx) - && TEST_true(OSSL_PROVIDER_unload(prov)); + && TEST_ptr(prov = OSSL_PROVIDER_load(ctx, "default")); + + if (ok) { + ok = test_provider(ctx); + if (ok) + ok = TEST_true(OSSL_PROVIDER_unload(prov)); + else + OSSL_PROVIDER_unload(prov); + } OSSL_LIB_CTX_free(ctx); return ok; diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c index 9998e6bf97..29e5b8ae1c 100644 --- a/test/provider_internal_test.c +++ b/test/provider_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,7 +22,7 @@ static OSSL_PARAM greeting_request[] = { static int test_provider(OSSL_PROVIDER *prov, const char *expected_greeting) { - const char *greeting = NULL; + const char *greeting = "no greeting received"; int ret = 0; ret = diff --git a/test/provider_status_test.c b/test/provider_status_test.c index 551277c8e0..9fcd2c2b14 100644 --- a/test/provider_status_test.c +++ b/test/provider_status_test.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ #include #include #include +#include #include "testutil.h" typedef enum OPTION_choice { @@ -147,6 +148,8 @@ static int test_provider_status(void) OSSL_PROVIDER *prov = NULL; OSSL_PARAM params[2]; EVP_MD *fetch = NULL; + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkey = NULL; if (!TEST_ptr(prov = OSSL_PROVIDER_load(libctx, provider_name))) goto err; @@ -163,6 +166,16 @@ static int test_provider_status(void) goto err; EVP_MD_free(fetch); fetch = NULL; + /* Use RNG before triggering on-demand self tests */ + if (!TEST_ptr((pctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))) + || !TEST_int_gt(EVP_PKEY_keygen_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048), 0) + || !TEST_int_gt(EVP_PKEY_keygen(pctx, &pkey), 0)) + goto err; + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pctx); + pkey = NULL; + pctx = NULL; /* Test that the provider self test is ok */ self_test_args.count = 0; diff --git a/test/provider_test.c b/test/provider_test.c index 2d20d12071..ef08cc51ea 100644 --- a/test/provider_test.c +++ b/test/provider_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -255,6 +255,7 @@ static int test_builtin_provider_with_child(void) if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, name, PROVIDER_INIT_FUNCTION_NAME))) { + OSSL_PROVIDER_unload(legacy); OSSL_LIB_CTX_free(libctx); return 0; } 
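Review bot: The new keygen block in test_provider_status introduces `pctx`/`pkey` that are freed and reset only on the success path; the `err:` cleanup that must free them when any of the four `goto err` conditions fires is outside the hunk, so confirm `EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx);` were added there or the failure paths leak both. The comment `/* Use RNG before triggering on-demand self tests */` says what but not why a 2048-bit RSA keygen is the chosen way to draw from the DRBG; if the goal is simply to have the RNG instantiated before the self tests, say so, e.g. `/* ... so the DRBG is already instantiated when the on-demand self tests run */` (intent inferred; confirm).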
diff --git a/test/quic_client_test.c b/test/quic_client_test.c
index 5defd65939..a7ab2b98ec 100644
--- a/test/quic_client_test.c
+++ b/test/quic_client_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -18,6 +18,9 @@ static const char msg1[] = "GET LICENSE.txt\r\n";
 static char msg2[16000];
+#define DST_PORT 4433
+#define DST_ADDR 0x7f000001UL
+
 static int is_want(SSL *s, int ret)
 {
 int ec = SSL_get_error(s, ret);
@@ -25,42 +28,47 @@ static int is_want(SSL *s, int ret) return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE; } -static int test_quic_client(void) +static int test_quic_client_ex(int fd_arg) { int testresult = 0, ret; - int c_fd = INVALID_SOCKET; + int c_fd; BIO *c_net_bio = NULL, *c_net_bio_own = NULL; BIO_ADDR *s_addr_ = NULL; struct in_addr ina = {0}; SSL_CTX *c_ctx = NULL; SSL *c_ssl = NULL; - short port = 4433; + short port = DST_PORT; int c_connected = 0, c_write_done = 0, c_shutdown = 0; size_t l = 0, c_total_read = 0; OSSL_TIME start_time; unsigned char alpn[] = { 8, 'h', 't', 't', 'p', '/', '0', '.', '9' }; - ina.s_addr = htonl(0x7f000001UL); - /* Setup test client. */ - c_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0); - if (!TEST_int_ne(c_fd, INVALID_SOCKET)) - goto err; + if (fd_arg == INVALID_SOCKET) { + /* Setup test client. */ + c_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0); + if (!TEST_int_ne(c_fd, INVALID_SOCKET)) + goto err; - if (!TEST_true(BIO_socket_nbio(c_fd, 1))) - goto err; + if (!TEST_true(BIO_socket_nbio(c_fd, 1))) + goto err; - if (!TEST_ptr(s_addr_ = BIO_ADDR_new())) - goto err; + if (!TEST_ptr(s_addr_ = BIO_ADDR_new())) + goto err; - if (!TEST_true(BIO_ADDR_rawmake(s_addr_, AF_INET, &ina, sizeof(ina), - htons(port)))) - goto err; + ina.s_addr = htonl(DST_ADDR); + if (!TEST_true(BIO_ADDR_rawmake(s_addr_, AF_INET, &ina, sizeof(ina), + htons(port)))) + goto err; + } else { + c_fd = fd_arg; + } if (!TEST_ptr(c_net_bio = c_net_bio_own = BIO_new_dgram(c_fd, 0))) goto err; - if (!BIO_dgram_set_peer(c_net_bio, s_addr_)) + /* connected socket does not need to set peer */ + if (s_addr_ != NULL && !BIO_dgram_set_peer(c_net_bio, s_addr_)) goto err; if (!TEST_ptr(c_ctx = SSL_CTX_new(OSSL_QUIC_client_method()))) 
@@ -157,11 +165,51 @@ err: SSL_CTX_free(c_ctx); BIO_ADDR_free(s_addr_); BIO_free(c_net_bio_own); - if (c_fd != INVALID_SOCKET) + if (fd_arg == INVALID_SOCKET && c_fd != INVALID_SOCKET) BIO_closesocket(c_fd); return testresult; } +static int test_quic_client(void) +{ + return (test_quic_client_ex(INVALID_SOCKET)); +} + +static int test_quic_client_connect_first(void) +{ + struct sockaddr_in sin = {0}; + int c_fd; + int rv; + +#ifdef SA_LEN + sin.sin_len = sizeof(struct sockaddr_in); +#endif + sin.sin_family = AF_INET; + sin.sin_port = htons(DST_PORT); + sin.sin_addr.s_addr = htonl(DST_ADDR); + + c_fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + if (!TEST_int_ne(c_fd, INVALID_SOCKET)) + goto err; + + if (!TEST_int_eq(connect(c_fd, (const struct sockaddr *)&sin, sizeof(sin)), 0)) + goto err; + + if (!TEST_true(BIO_socket_nbio(c_fd, 1))) + goto err; + + rv = test_quic_client_ex(c_fd); + + close(c_fd); + + return (rv); + +err: + if (c_fd != INVALID_SOCKET) + close(c_fd); + return (0); +} + OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") int setup_tests(void) @@ -172,5 +220,7 @@ int setup_tests(void) } ADD_TEST(test_quic_client); + ADD_TEST(test_quic_client_connect_first); + return 1; } diff --git a/test/quic_fc_test.c b/test/quic_fc_test.c index 62152efb50..5136c2841e 100644 --- a/test/quic_fc_test.c +++ b/test/quic_fc_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/quic_fifd_test.c b/test/quic_fifd_test.c index 6a70843ceb..cfa5a77745 100644 --- a/test/quic_fifd_test.c +++ b/test/quic_fifd_test.c 
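Review bot: test_quic_client_connect_first creates the descriptor with socket() and releases it with close(), while test_quic_client_ex in the previous hunk goes through BIO_socket()/BIO_closesocket(); on Windows a SOCKET is not a file descriptor, so `close(c_fd)` is wrong there and `BIO_closesocket(c_fd);` should be used in both places. The `#ifdef SA_LEN` guard around `sin.sin_len` is also unusual as a signal for that field's presence; confirm the macro is defined on the platforms where the field exists. The parenthesised `return (rv);` / `return (0);` style differs from the rest of this file.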
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/quic_multistream_test.c b/test/quic_multistream_test.c index 7c2e1a3d74..9fac202abe 100644 --- a/test/quic_multistream_test.c +++ b/test/quic_multistream_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -187,6 +187,7 @@ struct script_op { #define OPK_POP_ERR 51 #define OPK_C_WRITE_EX2 52 #define OPK_SKIP_IF_BLOCKING 53 +#define OPK_C_STREAM_RESET_FAIL 54 #define EXPECT_CONN_CLOSE_APP (1U << 0) #define EXPECT_CONN_CLOSE_REMOTE (1U << 1) @@ -285,6 +286,8 @@ struct script_op { {OPK_S_READ_FAIL, NULL, (allow_zero_len), NULL, #stream_name}, #define OP_C_STREAM_RESET(stream_name, aec) \ {OPK_C_STREAM_RESET, NULL, 0, NULL, #stream_name, (aec)}, +#define OP_C_STREAM_RESET_FAIL(stream_name, aec) \ + {OPK_C_STREAM_RESET_FAIL, NULL, 0, NULL, #stream_name, (aec)}, #define OP_S_ACCEPT_STREAM_WAIT(stream_name) \ {OPK_S_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name}, #define OP_NEW_THREAD(num_threads, script) \ @@ -784,7 +787,7 @@ static int helper_init(struct helper *h, const char *script_name, goto err; /* Set title for qlog purposes. */ - snprintf(title, sizeof(title), "quic_multistream_test: %s", script_name); + BIO_snprintf(title, sizeof(title), "quic_multistream_test: %s", script_name); if (!TEST_true(ossl_quic_set_diag_title(h->c_ctx, title))) goto err; 
@@ -1830,6 +1833,7 @@ static int run_script_worker(struct helper *h, const struct script_op *script, break; case OPK_C_STREAM_RESET: + case OPK_C_STREAM_RESET_FAIL: { SSL_STREAM_RESET_ARGS args = {0}; @@ -1837,9 +1841,13 @@ static int run_script_worker(struct helper *h, const struct script_op *script, goto out; args.quic_error_code = op->arg2; - - if (!TEST_true(SSL_stream_reset(c_tgt, &args, sizeof(args)))) - goto out; + if (op->op == OPK_C_STREAM_RESET) { + if (!TEST_true(SSL_stream_reset(c_tgt, &args, sizeof(args)))) + goto out; + } else { + if (!TEST_false(SSL_stream_reset(c_tgt, &args, sizeof(args)))) + goto out; + } } break; @@ -2376,6 +2384,7 @@ static const struct script_op script_10[] = { static const struct script_op script_11_child[] = { OP_C_ACCEPT_STREAM_WAIT (a) OP_C_READ_EXPECT (a, "foo", 3) + OP_SLEEP (10) OP_C_EXPECT_FIN (a) OP_END @@ -5715,6 +5724,26 @@ static const struct script_op script_86[] = { OP_END }; + +/* 87. Test stream reset functionality */ +static const struct script_op script_87[] = { + OP_C_SET_ALPN ("ossltest") + OP_C_CONNECT_WAIT () + OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) + OP_C_WRITE (a, "apple", 5) + OP_C_CONCLUDE (a) + OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) + OP_S_READ_EXPECT (a, "apple", 5) + OP_S_EXPECT_FIN (a) + OP_S_WRITE (a, "orange", 6) + OP_C_READ_EXPECT (a, "orange", 6) + OP_S_CONCLUDE (a) + OP_C_EXPECT_FIN (a) + OP_SLEEP (1000) + OP_C_STREAM_RESET_FAIL (a, 42) + OP_END +}; + static const struct script_op *const scripts[] = { script_1, script_2, @@ -5801,7 +5830,8 @@ static const struct script_op *const scripts[] = { script_83, script_84, script_85, - script_86 + script_86, + script_87 }; static int test_script(int idx) 
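Review bot: script_87 depends on `OP_SLEEP (1000)` before OP_C_STREAM_RESET_FAIL, and its comment `/* 87. Test stream reset functionality */` does not say that the reset is expected to fail because both directions have already concluded; a comment such as `/* 87. Resetting a stream after both sides have sent and received FIN must fail; the sleep gives the stream time to be torn down */` would make the script self-explaining (the reason for one second is inferred). The `OP_SLEEP (10)` added to script_11_child looks like a timing workaround as well; if it masks an ordering dependency between the read and the FIN, record that next to it. In run_script_worker the two branches could collapse to `TEST_int_eq(SSL_stream_reset(c_tgt, &args, sizeof(args)), op->op == OPK_C_STREAM_RESET)`, though the TEST_true/TEST_false pair gives clearer diagnostics, so that is a matter of taste.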
@@ -5827,7 +5857,7 @@ static int test_script(int idx) } #endif - snprintf(script_name, sizeof(script_name), "script %d", script_idx + 1); + BIO_snprintf(script_name, sizeof(script_name), "script %d", script_idx + 1); TEST_info("Running script %d (order=%d, blocking=%d)", script_idx + 1, free_order, blocking); @@ -5912,8 +5942,8 @@ static ossl_unused int test_dyn_frame_types(int idx) s[i].arg2 = forbidden_frame_types[idx].expected_err; } - snprintf(script_name, sizeof(script_name), - "dyn script %d", idx); + BIO_snprintf(script_name, sizeof(script_name), + "dyn script %d", idx); return run_script(dyn_frame_types_script, script_name, 0, 0); } @@ -5922,6 +5952,10 @@ OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") int setup_tests(void) { +#if defined (_PUT_MODEL_) + return TEST_skip("QUIC is not supported by this build"); +#endif + if (!test_skip_common_options()) { TEST_error("Error parsing test options\n"); return 0; diff --git a/test/quic_rcidm_test.c b/test/quic_rcidm_test.c index ad1c1ac588..4b7fa50eea 100644 --- a/test/quic_rcidm_test.c +++ b/test/quic_rcidm_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/quicapitest.c b/test/quicapitest.c index 2b6c2fc6e0..31b586bd5b 100644 --- a/test/quicapitest.c +++ b/test/quicapitest.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
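Review bot: `#if defined (_PUT_MODEL_)` in setup_tests introduces an undocumented identifier whose spelling (leading underscore followed by an uppercase letter) is reserved for the implementation in C, and nothing says which build defines it. A comment above the block, e.g. `/* _PUT_MODEL_ is set by <platform/build, TODO confirm> builds, which cannot run QUIC */`, would help; if the macro is project-owned, a project-prefixed spelling would avoid the reserved namespace. The early `return TEST_skip(...)` also leaves the code after `#endif` unreachable in that build, which is fine but worth noting in the same comment.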
@@ -262,9 +262,9 @@ static int test_fin_only_blocking(void) if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_ZERO_RETURN) /* * We expect the SSL_read_ex to not have blocked so this should - * be very fast. 20ms should be plenty. + * be very fast. 40ms should be plenty. */ - || !TEST_uint64_t_le(ossl_time2ms(timediff), 20)) + || !TEST_uint64_t_le(ossl_time2ms(timediff), 40)) goto end; if (!TEST_true(qtest_shutdown(qtserv, clientquic))) @@ -285,7 +285,7 @@ static int test_fin_only_blocking(void) static int test_ciphersuites(void) { SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); - SSL *ssl; + SSL *ssl = NULL; int testresult = 0; const STACK_OF(SSL_CIPHER) *ciphers = NULL; const SSL_CIPHER *cipher; @@ -302,10 +302,20 @@ static int test_ciphersuites(void) if (!TEST_ptr(ctx)) return 0; + /* + * Attempting to set TLSv1.2 ciphersuites should succeed, even though they + * aren't used in QUIC. + */ + if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "DEFAULT"))) + goto err; + ssl = SSL_new(ctx); if (!TEST_ptr(ssl)) goto err; + if (!TEST_true(SSL_set_cipher_list(ssl, "DEFAULT"))) + goto err; + ciphers = SSL_get_ciphers(ssl); for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) { 
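Review bot: Raising the wall-clock bound in test_fin_only_blocking from 20 to 40 ms keeps an assertion that will still be flaky on a loaded CI runner; the comment should say what the bound guards against and that it is a loose ceiling, e.g. `/* The read must not have blocked; 40ms is a generous upper bound for an already-available FIN, not a latency target */`. In test_ciphersuites the `ssl = NULL` initialisation is correct only if the `err:` path (outside the hunk) frees it unconditionally; confirm that is the case.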
@@ -496,21 +506,15 @@ static int compare_with_file(BIO *membio) */ static int test_ssl_trace(void) { - SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); + SSL_CTX *cctx = NULL; SSL *clientquic = NULL; QUIC_TSERVER *qtserv = NULL; int testresult = 0; - BIO *bio = BIO_new(BIO_s_mem()); + BIO *bio = NULL; - /* - * Ensure we only configure ciphersuites that are available with both the - * default and fips providers to get the same output in both cases - */ - if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))) - goto err; - - if (!TEST_ptr(cctx) - || !TEST_ptr(bio) + if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())) + || !TEST_ptr(bio = BIO_new(BIO_s_mem())) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")) || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey, QTEST_FLAG_FAKE_TIME, @@ -524,8 +528,15 @@ static int test_ssl_trace(void) if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) goto err; - if (!TEST_true(compare_with_file(bio))) - goto err; + /* Skip the comparison of the trace when the fips provider is used. */ + if (is_fips) { + /* Check whether there was something written. */ + if (!TEST_int_gt(BIO_pending(bio), 0)) + goto err; + } else { + if (!TEST_true(compare_with_file(bio))) + goto err; + } testresult = 1; err: 
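Review bot: In the FIPS branch `TEST_int_gt(BIO_pending(bio), 0)` only establishes that something was written to the trace BIO, so a regression that truncates or garbles the trace under the FIPS provider would still pass. A cheap middle ground is to pull the memory buffer with `BIO_get_mem_ptr()` and do a length-bounded search for a fixed marker that the reference file used by compare_with_file already contains, which pins the trace shape without depending on provider-specific cipher output. The comment should also say why the comparison is skipped for FIPS (presumably the trace differs in content, not just in the ciphersuite line, but that is not shown here); `is_fips` is defined outside the hunk.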
@@ -2168,6 +2179,77 @@ err: qtest_fault_free(qtf); return testresult; } + +static int new_called = 0; +static SSL *cbssl = NULL; + +static int new_session_cb(SSL *ssl, SSL_SESSION *sess) +{ + new_called++; + /* + * Remember the SSL ref we were called with. No need to up-ref this. It + * should remain valid for the duration of the test. + */ + cbssl = ssl; + /* + * sess has been up-refed for us, but we don't actually need it so free it + * immediately. + */ + SSL_SESSION_free(sess); + return 1; +} + +/* Test using a new_session_cb with a QUIC SSL object works as expected */ +static int test_session_cb(void) +{ + SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); + SSL *clientquic = NULL; + QUIC_TSERVER *qtserv = NULL; + int testresult = 0; + + if (!TEST_ptr(cctx)) + goto err; + + new_called = 0; + cbssl = NULL; + SSL_CTX_sess_set_new_cb(cctx, new_session_cb); + SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT); + + if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, + privkey, + QTEST_FLAG_FAKE_TIME, + &qtserv, &clientquic, + NULL, NULL))) + goto err; + + if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) + goto err; + + /* Process the pending NewSessionTickets */ + if (!TEST_true(SSL_handle_events(clientquic))) + goto err; + + if (!TEST_int_eq(SSL_shutdown(clientquic), 0)) + goto err; + + /* + * Check the callback was called twice (we expect 2 tickets), and with the + * correct SSL reference + */ + if (!TEST_int_eq(new_called, 2) + || !TEST_ptr_eq(clientquic, cbssl)) + goto err; + + testresult = 1; + err: + cbssl = NULL; + ossl_quic_tserver_free(qtserv); + SSL_free(clientquic); + SSL_CTX_free(cctx); + + return testresult; +} + /***********************************************************************************/ OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n") 
@@ -2260,6 +2342,7 @@ int setup_tests(void) ADD_TEST(test_bw_limit); ADD_TEST(test_get_shutdown); ADD_ALL_TESTS(test_tparam, OSSL_NELEM(tparam_tests)); + ADD_TEST(test_session_cb); return 1; err: diff --git a/test/quicfaultstest.c b/test/quicfaultstest.c index 174c4ee0c0..c2187e1ea4 100644 --- a/test/quicfaultstest.c +++ b/test/quicfaultstest.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t index 61adc83e58..07a68ad940 100644 --- a/test/recipes/02-test_errstr.t +++ b/test/recipes/02-test_errstr.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index b8b136d110..0c503c77f8 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -206,7 +206,7 @@ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips_fail.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_sect', '-corrupt_desc', 'SHA1'])), + '-section_name', 'fips_sect', '-corrupt_desc', 'SHA2'])), "fipsinstall fails when the digest result is corrupted"); # corrupt another digest @@ -291,6 +291,10 @@ SKIP: { SKIP: { skip "Skipping Asymmetric RSA corruption test because of no rsa in this build", 1 if disabled("rsa"); + run(test(["fips_version_test", "-config", $provconf, "<3.5.0"]), + capture => 1, statusvar => \my $exit); + skip "FIPS provider version is too new for Asymmetric RSA corruption test", 1 + if !$exit; ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-corrupt_desc', 'RSA_Encrypt', '-corrupt_type', 'KAT_AsymmetricCipher'])), diff --git a/test/recipes/04-test_asn1_stable_parse.t b/test/recipes/04-test_asn1_stable_parse.t index a6fe6a3d8f..0f55344399 100644 --- a/test/recipes/04-test_asn1_stable_parse.t +++ b/test/recipes/04-test_asn1_stable_parse.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/04-test_conf.t b/test/recipes/04-test_conf.t index f987e43c8e..574859e90e 100644 --- a/test/recipes/04-test_conf.t +++ b/test/recipes/04-test_conf.t 
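Review bot: The new skip in the RSA corruption block fires whenever `fips_version_test` fails, for any reason including a bad `$provconf`, and its message does not say why a provider at or above 3.5.0 cannot run this test, so a future reader cannot tell a deliberate gate from a broken environment. A comment above the `run(test([...]))` naming the reason (presumably the RSA_Encrypt KAT no longer exists in the newer module, though that is not visible here) would help, e.g. `# Newer FIPS modules no longer carry the RSA_Encrypt KAT, so there is nothing to corrupt`. Also, `capture => 1` discards the version test's output, so when the skip triggers unexpectedly nothing is left in the log to diagnose it; dropping `capture` and keeping only `statusvar` preserves the diagnostics.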
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,6 +18,7 @@ setup('test_conf'); my %input_result = ( 'dollarid_on.cnf' => 'dollarid_on.txt', 'dollarid_off.cnf' => 'dollarid_off.txt', + 'oversized_line.cnf' => 'oversized_line.txt', ); plan skip_all => 'This is unsupported for cross compiled configurations' diff --git a/test/recipes/04-test_conf_data/oversized_line.cnf b/test/recipes/04-test_conf_data/oversized_line.cnf new file mode 100644 index 0000000000..08988a2e0f --- /dev/null +++ b/test/recipes/04-test_conf_data/oversized_line.cnf 
@@ -0,0 +1,3 @@ +foo = a_line_longer_than_512_characters_\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"_end +bar = 
a_line_longer_than_512_characters__\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"_end +last = x diff --git a/test/recipes/04-test_conf_data/oversized_line.txt b/test/recipes/04-test_conf_data/oversized_line.txt new file mode 100644 index 0000000000..c15b654300 --- /dev/null +++ b/test/recipes/04-test_conf_data/oversized_line.txt 
@@ -0,0 +1,4 @@ +[ default ] +foo = a_line_longer_than_512_characters_""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""_end +bar = a_line_longer_than_512_characters__""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""_end +last = x diff --git a/test/recipes/04-test_encoder_decoder.t b/test/recipes/04-test_encoder_decoder.t index 8e7ed629be..2acc980e90 100644 --- a/test/recipes/04-test_encoder_decoder.t +++ b/test/recipes/04-test_encoder_decoder.t 
@@ -25,9 +25,26 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my $rsa_key = srctop_file("test", "certs", "ee-key.pem"); my $pss_key = srctop_file("test", "certs", "ca-pss-key.pem"); -plan tests => ($no_fips ? 0 : 3) + 2; # FIPS install test + test +plan tests => ($no_fips ? 0 : 5) + 2; # FIPS install test + test my $conf = srctop_file("test", "default.cnf"); + +# Check if the specified pattern occurs in the given file +# Returns 1 if the pattern is found and 0 if not +sub find_line_file { + my ($key, $file) = @_; + + open(my $in, $file) or return -1; + while (my $line = <$in>) { + if ($line =~ /$key/) { + close($in); + return 1; + } + } + close($in); + return 0; +} + ok(run(test(["endecode_test", "-rsa", $rsa_key, "-pss", $pss_key, "-config", $conf, @@ -47,7 +64,15 @@ unless ($no_fips) { "-pss", $pss_key, "-config", $conf, "-provider", "fips"]))); - +SKIP: { + skip "EC disabled", 2 if disabled("ec"); + ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'EC', + '-pkeyopt', 'group:P-256', '-text', + '-config', $conf, '-provider', 'fips', '-out', 'ec.txt' ])), + 'Print a FIPS provider EC private key'); + ok(find_line_file('NIST CURVE: P-256', 'ec.txt') == 1, + 'Printing an FIPS provider EC private key'); +} my $no_des = disabled("des"); SKIP: { skip "MD5 disabled", 2 if disabled("md5"); diff --git a/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem b/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem new file mode 100644 index 0000000000..e85e2953b7 --- /dev/null +++ b/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem 
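Review bot: `find_line_file` uses the two-argument form `open(my $in, $file)`, which lets a filename beginning with `<`, `>`, `|` or whitespace be interpreted as a mode or pipe; the three-argument form `open(my $in, '<', $file) or return -1;` is the safe idiom under `use strict`. The `$key` argument is interpolated into the regex unescaped, so a caller passing a pattern containing `.`, `(` or `+` gets a regex rather than a literal; `if ($line =~ /\Q$key\E/) {` matches the literal string the function's comment promises. The enclosing `unless ($no_fips)` block that the new SKIP section sits in is not fully visible in this hunk.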
@@ -0,0 +1,57 @@ +-----BEGIN DSA PARAMETERS----- +MIIKLAKCBQEAym47LzPFZdbz16WvjczLKuzLtsP8yRk/exxL4bBthJhP1qOwctja +p1586SF7gDxCMn7yWVEYdfRbFefGoq0gj1XOE917XqlbnkmZhMgxut2KbNJo/xil +XNFUjGvKs3F413U9rAodC8f07cWHP1iTcWL+vPe6u2yilKWYYfnLWHQH+Z6aPrrF +x/R08LI6DZ6nEsIo+hxaQnEtx+iqNTJC6Q1RIjWDqxQkFVTkJ0Y7miRDXmRdneWk +oLrMZRpaXr5l5tSjEghh1pBgJcdyOv0lh4dlDy/alAiqE2Qlb667yHl6A9dDPlpW +dAntpffy4LwOxfbuEhISvKjjQoBwIvYE4TBPqL0Q6bC6HgQ4+tqd9b44pQjdIQjb +Xcjc6azheITSnPEex3OdKtKoQeRq01qCeLBpMXu1c+CTf4ApKArZvT3vZSg0hM1O +pR71bRZrEEegDj0LH2HCgI5W6H3blOS9A0kUTddCoQXr2lsVdiPtRbPKH1gcd9FQ +P8cGrvbakpTiC0dCczOMDaCteM1QNILlkM7ZoV6VghsKvDnFPxFsiIr5GgjasXP5 +hhbn3g7sDoq1LiTEo+IKQY28pBWx7etSOSRuXW/spnvCkivZla7lSEGljoy9QlQ2 +UZmsEQI9G3YyzgpxHvKZBK1CiZVTywdYKTZ4TYCxvqzhYhjv2bqbpjI12HRFLojB +koyEmMSp53lldCzp158PrIanqSp2rksMR8SmmCL3FwfAp2OjqFMEglG9DT8x0WaN +TLSkjGC6t2csMte7WyU1ekNoFDKfMjDSAz0+xIx21DEmZtYqFOg1DNPK1xYLS0pl +RSMRRkJVN2mk/G7/1oxlB8Wb9wgi3GKUqqCYT11SnBjzq0NdoJ3E4GMedp5Lx3AZ +4mFuRPUd4iV86tE0XDSHSFE7Y3ZkrOjD7Q/26/L53L/UH5z4HW6CHP5os7QERJjg +c1S3x87wXWo9QXbB9b2xmf+c+aWwAAr1cviw38tru58jF3/IGyduj9H8claKQqBG +cIOUF4aNe1hK2K3ArAOApUxr4KE+tCvrltRfiTmVFip0g9Jt1CPY3Zu7Bd4Z2ZkE +DtSztpwa49HrWF5E9xpquvBL2U8jQ68E7Xd8Wp4orI/TIChriamBmdkgRz3H2LvN +Ozb6+hsnEGrz3sp2RVAToSqA9ysa6nHZdfufPNtMEbQdO/k1ehmGRb0ljBRsO6b2 +rsG2eYuC8tg8eCrIkua0TGRI7g6a4K32AJdzaX6NsISaaIW+OYJuoDSscvD3oOg8 +PPEhU+zM7xJskTA+jxvPlikKx8V7MNHOCQECldJlUBwzJvqp40JvwfnDsF+8VYwd +UaiieR3pzMzyTjpReXRmZbnRPusRcsVzxb2OhB79wmuy4UPjjQBX+7eD0rs8xxvW +5a5q1Cjq4AvbwmmcA/wDrHDOjcbD/zodad2O1QtBWa/R4xyWea4zKsflgACE1zY9 +wW2br7+YQFekcrXkkkEzgxd6zxv8KVEDpXRZjmAM1cI5LvkoN64To4GedN8Qe/G7 +R9SZh9gnS17PTP64hK+aYqhFafMdu87q/+qLfxaSux727qE5hiW01u4nnWhACf9s +xuOozowKqxZxkolMIyZv6Lddwy1Zv5qjCyd0DvM/1skpXWkb9kfabYC+OhjsjVhs +0Ktfs6a5B3eixiw5x94hhIcTEcS4hmvhGUL72FiTca6ZeSERTKmNBy8CIQC9/ZUN +uU/V5JTcnYyUGHzm7+XcZBjyGBagBj9rCmW3SQKCBQAJ/k9rb39f1cO+/3XDEMjy +9bIEXSuS48g5RAc1UGd5nrrBQwuDxGWFyz0yvAY7LgyidZuJS21+MAp9EY7AOMmx 
+TDttifNaBJYt4GZ8of166PcqTKkHQwq5uBpxeSDv/ZE8YbYfaCtLTcUC8KlO+l36 +gjJHSkdkflSsGy1yObSNDQDfVAAwQs//TjDMnuEtvlNXZllsTvFFBceXVETn10K2 +ZMmdSIJNfLnjReUKEN6PfeGqv7F4xoyGwUybEfRE4u5RmXrqCODaIjY3SNMrOq8B +R3Ata/cCozsM1jIdIW2z+OybDJH+BYsYm2nkSZQjZS6javTYClLrntEKG/hAQwL8 +F16YLOQXpHhgiAaWnTZzANtLppB2+5qCVy5ElzKongOwT8JTjTFXOaRnqe/ngm9W +SSbrxfDaoWUOyK9XD8Cydzpv3n4Y8nWNGayi7/yAFCU36Ri040ufgv/TZLuKacnl ++3ga3ZUpRlSigzx0kb1+KjTSWeQ8vE/psdWjvBukVEbzdUauMLyRLo/6znSVvvPX +UGhviThE5uhrsUg+wEPFINriSHfF7JDKVhDcJnLBdaXvfN52pkF/naLBF5Rt3Gvq +fjCxjx0Sy9Lag1hDN4dor7dzuO7wmwOS01DJW1PtNLuuH0Bbqh1kYSaQkmyXBZWX +qo8K3nkoDM0niOtJJubOhTNrGmSaZpNXkK3Mcy9rBbdvEs5O0Jmqaax/eOdU0Yot +B3lX+3ddOseT2ZEFjzObqTtkWuFBeBxuYNcRTsu3qMdIBsEb8URQdsTtjoIja2fK +hreVgjK36GW70KXEl8V/vq5qjQulmqkBEjmilcDuiREKqQuyeagUOnhQaBplqVco +4xznh5DMBMRbpGb5lHxKv4cPNi+uNAJ5i98zWUM1JRt6aXnRCuWcll1z8fRZ+5kD +vK9FaZU3VRMK/eknEG49cGr8OuJ6ZRSaC+tKwV1y+amkSZpKPWnk2bUnQI3ApJv3 +k1e1EToeECpMUkLMDgNbpKBoz4nqMEvAAlYgw9xKNbLlQlahqTVEAmaJHh4yDMDy +i7IZ9Wrn47IGoR7s3cvhDHUpRPeW4nsmgzj+tf5EAxemI61STZJTTWo0iaPGJxct +9nhOOhw1I38Mvm4vkAbFH7YJ0B6QrjjYL2MbOTp5JiIh4vdOeWwNo9/y4ffyaN5+ +ADpxuuIAmcbdr6GPOhkOFFixRJa0B2eP1i032HESlLs8RB9oYtdTXdXQotnIgJGd +Y8tSKOa1zjzeLHn3AVpRZTUW++/BxmApV3GKIeG8fsUjg/df0QRrBcdC/1uccdaG +KKlAOwlywVn5jUlwHkTmDiTM9w5AqVVGHZ2b+4ZgQW8jnPKN0SrKf6U555D+zp7E +x4uXoE8ojN9y8m8UKf0cTLnujH2XgZorjPfuMOt5VZEhQFMS2QaljSeni5CJJ8gk +XtztNqfBlAtWR4V5iAHeQOfIB2YaOy8GESda89tyKraKeaez41VblpTVHTeq9IIF +YB4cQA2PfuNaGVRGLMAgT3Dvl+mxxxeJyxnGAiUcETU/jJJt9QombiuszBlYGQ5d +ELOSm/eQSRARV9zNSt5jaQlMSjMBqenIEM09BzYqa7jDwqoztFxNdO8bcuQPuKwa +4z3bBZ1yYm63WFdNbQqqGEwc0OYmqg1raJ0zltgHyjFyw8IGu4g/wETs+nVQcH7D +vKuje86bePD6kD/LH3wmkA== +-----END DSA PARAMETERS----- diff --git a/test/recipes/15-test_gensm2.t b/test/recipes/15-test_gensm2.t index 62e21ff8d7..c62434cb15 100644 --- a/test/recipes/15-test_gensm2.t +++ b/test/recipes/15-test_gensm2.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index d1b2ccf5c7..7bd558331d 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -17,7 +17,7 @@ use OpenSSL::Test::Utils; setup("test_dgst"); -plan tests => 13; +plan tests => 14; sub tsignverify { my $testtext = shift; @@ -233,7 +233,7 @@ subtest "SHAKE digest generation with no xoflen set `dgst` CLI" => sub { }; SKIP: { - skip "ECDSA is not supported by this OpenSSL build", 1 + skip "ECDSA is not supported by this OpenSSL build", 2 if disabled("ec"); subtest "signing with xoflen is not supported `dgst` CLI" => sub { @@ -245,5 +245,17 @@ SKIP: { '-out', 'test.sig', srctop_file('test', 'data.bin')])), "Generating signature with xoflen should fail"); + }; + + subtest "signing using the nonce-type sigopt" => sub { + plan tests => 1; + my $data_to_sign = srctop_file('test', 'data.bin'); + + ok(run(app(['openssl', 'dgst', '-sha256', + '-sign', srctop_file("test","testec-p256.pem"), + '-out', 'test.sig', + '-sigopt', 'nonce-type:1', + srctop_file('test', 'data.bin')])), + "Sign using the nonce-type sigopt"); } } diff --git a/test/recipes/20-test_nocache.t b/test/recipes/20-test_nocache.t new file mode 100644 index 0000000000..734e44ec8c --- /dev/null +++ b/test/recipes/20-test_nocache.t 
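Review bot: In the new "signing using the nonce-type sigopt" subtest, `my $data_to_sign` is assigned and never used; the `app([...])` call repeats `srctop_file('test', 'data.bin')` inline instead, so either pass `$data_to_sign` there or drop the variable. The subtest also only checks that `dgst -sign` exits successfully, which would pass even if `nonce-type:1` were silently ignored; if a deterministic-nonce signature is the point, a follow-up `dgst -verify` against the produced `test.sig`, as `tsignverify` does elsewhere in this file, would confirm the signature is at least valid.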
@@ -0,0 +1,34 @@
+#! /usr/bin/env perl
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file bldtop_dir with/;
+use OpenSSL::Test::Utils;
+
+setup("test_nocache");
+
+plan tests => 4;
+
+ok(run(app(["openssl", "list", "-mac-algorithms"],
+ stdout => "listout.txt")),
+"List mac algorithms - default configuration");
+open DATA, "listout.txt";
+my @match = grep /MAC/, ;
+close DATA;
+ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - default configuration");
+
+$ENV{OPENSSL_CONF} = bldtop_file("test", "nocache-and-default.cnf");
+ok(run(app(["openssl", "list", "-mac-algorithms"],
+ stdout => "listout.txt")),
+"List mac algorithms");
+open DATA, "listout.txt";
+my @match = grep /MAC/, ;
+close DATA;
+ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - nocache-and-default");
diff --git a/test/recipes/25-test_eai_data.t b/test/recipes/25-test_eai_data.t
index 522982ddfb..63548d0602 100644
--- a/test/recipes/25-test_eai_data.t
+++ b/test/recipes/25-test_eai_data.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
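Review bot: The new 20-test_nocache.t reads `listout.txt` through the bareword handle `DATA`, which is Perl's reserved handle for a `__DATA__` section, with a two-argument `open` whose return value is never checked, so a failed run of `openssl list` leaves a stale or missing file and the `grep` silently yields an empty list. `my @match` is also declared twice in the same file scope, which `use warnings` (enabled at the top of the file) reports as masking an earlier declaration, and the readline target in `grep /MAC/, ;` appears to have been lost in this rendering, so the line as shown does not parse at all. A small helper with a lexical handle and a checked three-argument open removes all three problems and lets both checks share one implementation.

```perl
sub count_mac_algorithms {
    my ($file) = @_;
    open(my $fh, '<', $file) or die "Cannot open $file: $!";
    my @match = grep { /MAC/ } <$fh>;
    close($fh);
    return scalar @match;
}

# … unchanged: first "openssl list -mac-algorithms" run …
ok(count_mac_algorithms("listout.txt") > 1,
   "Several algorithms are listed - default configuration");
# … unchanged: OPENSSL_CONF switch and second run …
ok(count_mac_algorithms("listout.txt") > 1,
   "Several algorithms are listed - nocache-and-default");
```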
@@ -21,16 +21,18 @@ setup("test_eai_data"); #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem -plan tests => 12; +plan tests => 16; require_ok(srctop_file('test','recipes','tconversion.pl')); my $folder = "test/recipes/25-test_eai_data"; my $ascii_pem = srctop_file($folder, "ascii_leaf.pem"); my $utf8_pem = srctop_file($folder, "utf8_leaf.pem"); +my $kdc_pem = srctop_file($folder, "kdc-cert.pem"); my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem"); my $utf8_chain_pem = srctop_file($folder, "utf8_chain.pem"); +my $kdc_chain_pem = srctop_file($folder, "kdc-root-cert.pem"); my $out; my $outcnt = 0; 
@@ -56,10 +58,18 @@ SKIP: { ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem]))); ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem]))); +ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem]))); ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem]))); ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem]))); +# Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated). +ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem, $kdc_pem]))); +# Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated). +ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'joe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem]))); +# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String. +ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'moe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem]))); + #Check that we get the expected failure return code with({ exit_checker => sub { return shift == 2; } }, sub { diff --git a/test/recipes/25-test_eai_data/kdc-cert.pem b/test/recipes/25-test_eai_data/kdc-cert.pem new file mode 100644 index 0000000000..e8a2c6f55d --- /dev/null +++ b/test/recipes/25-test_eai_data/kdc-cert.pem 
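Review bot: The two new positive checks for `-verify_hostname` and `-verify_email` against the KDC certificate detect the otherName misparse only when the binary is built with ASAN, as their own comments say; in a plain build they merely assert that verification succeeds, which it did before the fix as well, so the regression coverage depends on which CI configuration runs the recipe. That is acceptable for a memory-safety bug, but the comments should say so explicitly so nobody later trims the ASAN job thinking the test still covers it, and the first comment has a typo ("an DNS name"); e.g. `# Check an otherName does not get misparsed as a DNS name (the misparse is only detectable under ASAN; a plain build just confirms verification succeeds).` The `with({ exit_checker ... })` call at the end of the hunk continues outside it.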
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbDCCAlSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAXMRUwEwYDVQQDDAxU +RVNULkVYQU1QTEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6wfP+ +6go79dkpo/dGLMlPZ7Gw/Q6gUYrCWZWUEgEeRVHCrqOlgUEyA+PcWas/XDPUxXry +BQlJHLvlqamAQn8gs4QPBARFYWKNiTVGyaRkgNA1N5gqyZdrP9UE+ZJmdqxRAAe8 +vvpGZWSgevPhLUiSCFYDiD0Rtji2Hm3rGUrReQFBQDEw2pNGwz9zIaxUs08kQZcx +Yzyiplz5Oau+R/6sAgUwDlrD9xOlUxx/tA/MSDIfkK8qioU11uUZtO5VjkNQy/bT +7zQMmXxWgm2MIgOs1u4YN7YGOtgqHE9v9iPHHfgrkbQDtVDGQsa8AQEhkUDSCtW9 +3VFAKx6dGNXYzFwfAgMBAAGjgcgwgcUwHQYDVR0OBBYEFFR5tZycW19DmtbL4Zqj +te1c2vZLMAkGA1UdIwQCMAAwCQYDVR0TBAIwADCBjQYDVR0RBIGFMIGCoD8GBisG +AQUCAqA1MDOgDhsMVEVTVC5FWEFNUExFoSEwH6ADAgEBoRgwFhsGa3JidGd0GwxU +RVNULkVYQU1QTEWgHQYIKwYBBQUHCAmgERYPbW9lQGV4YW1wbGUuY29tgQ9qb2VA +ZXhhbXBsZS5jb22CD214MS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA +T0xzVtVpRtaOzIhgzw7XQUdzWD5UEGSJJ1cBCOmKUWwDLTAouCYLFB4TbEE7MMUb +iuMy60bjmVtvfJIXorGUgSadRe5RWJ5DamJWvPA0Q9x7blnEcXqEF+9Td+ypevgU +UYHFmg83OYwxOsFXZ5cRuXMk3WCsDHQIBi6D1L6oDDZ2pfArs5mqm3thQKVlqyl1 +El3XRYEdqAz/5eCOFNfwxF0ALxjxVr/Z50StUZU8I7Zfev6+kHhyrR7dqzYJImv9 +0fTCOBEMjIETDsrA70OxAMu4V16nrWZdJdvzblS2qrt97Omkj+2kiPAJFB76RpwI +oDQ9fKfUOAmUFth2/R/eGA== +-----END CERTIFICATE----- diff --git a/test/recipes/25-test_eai_data/kdc-root-cert.pem b/test/recipes/25-test_eai_data/kdc-root-cert.pem new file mode 100644 index 0000000000..a74c96bf31 --- /dev/null +++ b/test/recipes/25-test_eai_data/kdc-root-cert.pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICnDCCAYQCCQCBswYcrlZSHjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARS +b290MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAPMQ0wCwYDVQQD +DARSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRj8S4kBbIUj +61kZfi6nE35Q38U140+qt4uAiwAhKumfVHlBM0zQ98WFt5zMHIBQwIb3yjc2zj+0 +qzUnQfwm1r/RfcMmBPEti9Ge+aEMSsds2gMXziOFM8wd2aAFPy7UVE0XpEWofsRK +MGi61MKVdPSbGIxBwY9VW38/7D/wf1HtJe7y0xpuecR7GB2XAs+qST59NjuF+7wS +dLM8Hb3TATgeYbXXWsRJgwz+SPzExg5WmLnU+7y4brZ32dHtdSmkRVSgSlaIf7Xj +3Tc6Zi7I+W/JYk7hy1zUexVdWCak4PHcoWrXe0gNNN/t8VfLfMExt5z/HIylXnU7 +pGUyqZlTGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAHpLF1UCRy7b6Hk0rLokxI +lgwiH9BU9mktigAGASvkbllpt+YbUbWnuYAvpHBGiP1qZtfX2r96UrSJaGO9BEzT +Gp9ThnSjoj4Srul0+s/NArU22irFLmDzbalgevAmm9gMGkdqkiIm/mXbwrPj0ncl +KGicevXryVpvaP62eZ8cc3C4p97frMmXxRX8sTdQpD/gRI7prdEILRSKveqT+AEW +7rFGM5AOevb4U8ddop8A3D/kX0wcCAIBF6jCNk3uEJ57jVcagL04kPnVfdRiedTS +vfq1DRNcD29d1H/9u0fHdSn1/+8Ep3X+afQ3C6//5NvOEaXcIGO4QSwkprQydfv8 +-----END CERTIFICATE----- diff --git a/test/recipes/25-test_eai_data/kdc.sh b/test/recipes/25-test_eai_data/kdc.sh new file mode 100755 index 0000000000..7a8dbc719f --- /dev/null +++ b/test/recipes/25-test_eai_data/kdc.sh 
@@ -0,0 +1,41 @@
+#! /usr/bin/env bash
+
+# Create a root CA, signing a leaf cert with a KDC principal otherName SAN, and
+# also a non-UTF8 smtpUtf8Mailbox SAN followed by an rfc822Name SAN and a DNS
+# name SAN. In the vulnerable EAI code, the KDC principal `otherName` should
+# trigger ASAN errors in DNS name checks, while the non-UTF8 `smtpUtf8Mailbox`
+# should likewise lead to ASAN issues with email name checks.
+
+rm -f root-key.pem root-cert.pem
+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-root-key.pem \
+ -x509 -subj /CN=Root -days 36524 -out kdc-root-cert.pem
+
+exts=$(
+ printf "%s\n%s\n%s\n%s = " \
+ "subjectKeyIdentifier = hash" \
+ "authorityKeyIdentifier = keyid" \
+ "basicConstraints = CA:false" \
+ "subjectAltName"
+ printf "%s, " "otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name"
+ printf "%s, " "otherName:1.3.6.1.5.5.7.8.9;IA5:moe@example.com"
+ printf "%s, " "email:joe@example.com"
+ printf "%s\n" "DNS:mx1.example.com"
+ printf "[kdc_princ_name]\n"
+ printf "realm = EXP:0, GeneralString:TEST.EXAMPLE\n"
+ printf "principal_name = EXP:1, SEQUENCE:kdc_principal_seq\n"
+ printf "[kdc_principal_seq]\n"
+ printf "name_type = EXP:0, INTEGER:1\n"
+ printf "name_string = EXP:1, SEQUENCE:kdc_principal_components\n"
+ printf "[kdc_principal_components]\n"
+ printf "princ1 = GeneralString:krbtgt\n"
+ printf "princ2 = GeneralString:TEST.EXAMPLE\n"
+ )
+
+printf "%s\n" "$exts"
+
+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-key.pem \
+ -subj "/CN=TEST.EXAMPLE" |
+ openssl x509 -req -out kdc-cert.pem \
+ -CA "kdc-root-cert.pem" -CAkey "kdc-root-key.pem" \
+ -set_serial 2 -days 36524 \
+ -extfile <(printf "%s\n" "$exts")
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 50188cbae5..8c168b50f3 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
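Review bot: The cleanup line `rm -f root-key.pem root-cert.pem` removes files this script never creates; the root key and certificate are written to `kdc-root-key.pem` and `kdc-root-cert.pem`, and the leaf goes to `kdc-key.pem` / `kdc-cert.pem`, so a rerun silently overwrites or reuses whatever is already there. Change it to `rm -f kdc-root-key.pem kdc-root-cert.pem kdc-key.pem kdc-cert.pem`. The script also runs without `set -euo pipefail`, so a failure in the first `openssl req` (or in the left side of the `req | x509` pipeline) still lets the signing step run against a stale or missing CA; adding `set -euo pipefail` after the shebang makes a broken regeneration fail loudly instead of producing a certificate that does not match the checked-in fixtures.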
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_req"); -plan tests => 107; +plan tests => 108; require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); @@ -53,6 +53,7 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2]))); ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3]))); ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); ok(run(app([@addext_args, "-addext", "SXNetID=1:one, 2:two, 3:three"]))); +ok(run(app([@addext_args, "-addext", "subjectAltName=dirName:dirname_sec"]))); # If a CSR is provided with neither of -key or -CA/-CAkey, this should fail. ok(!run(app(["openssl", "req", "-x509", diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 1c8fce86fd..80e9026556 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -61,7 +61,7 @@ ok(verify("ee-cert-ocsp-nocheck", "", ["root-cert"], ["ca-cert"]), ok(verify("ee-cert", "sslserver", [qw(sroot-cert)], [qw(ca-cert)]), "accept server purpose"); ok(!verify("ee-cert", "sslserver", [qw(croot-cert)], [qw(ca-cert)]), - "fail client purpose"); + "fail client purpose"); # beware, questionable non-standard EKU check on trust anchor ok(verify("ee-cert", "sslserver", [qw(root+serverAuth)], [qw(ca-cert)]), "accept server trust"); ok(verify("ee-cert", "sslserver", [qw(sroot+serverAuth)], [qw(ca-cert)]), 
@@ -81,7 +81,7 @@ ok(verify("ee-cert", "sslserver", [qw(root-clientAuth)], [qw(ca-cert)]), ok(verify("ee-cert", "sslserver", [qw(sroot-clientAuth)], [qw(ca-cert)]), "accept client mistrust with server purpose"); ok(!verify("ee-cert", "sslserver", [qw(croot-clientAuth)], [qw(ca-cert)]), - "fail client mistrust with client purpose"); + "fail client mistrust with client purpose"); # beware, questionable non-standard EKU check on trust anchor # Inapplicable trust ok(!verify("ee-cert", "sslserver", [qw(root+clientAuth)], [qw(ca-cert)]), "fail client trust"); @@ -150,7 +150,7 @@ ok(!verify("ee-cert", "sslserver", [qw(root-expired)], [qw(ca-cert)]), ok(verify("ee-cert", "sslserver", [qw(sca-cert)], [], "-partial_chain"), "accept partial chain with server purpose"); ok(!verify("ee-cert", "sslserver", [qw(cca-cert)], [], "-partial_chain"), - "fail partial chain with client purpose"); + "fail partial chain with client purpose"); # beware, questionable non-standard EKU check on trust anchor ok(verify("ee-cert", "sslserver", [qw(ca+serverAuth)], [], "-partial_chain"), "accept server trust partial chain"); ok(verify("ee-cert", "sslserver", [qw(cca+serverAuth)], [], "-partial_chain"), @@ -188,7 +188,7 @@ ok(verify("ee-cert", "sslserver", [qw(root-cert cca+serverAuth)], [qw(ca-cert)]) ok(verify("ee-cert", "sslserver", [qw(root-cert cca+anyEKU)], [qw(ca-cert)]), "accept wildcard trust and client purpose"); ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-cert)], [qw(ca-cert)]), - "fail client purpose"); + "fail client purpose intermediate trusted"); # beware, questionable non-standard EKU check on trust anchor ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-anyEKU)], [qw(ca-cert)]), "fail wildcard mistrust"); ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-serverAuth)], [qw(ca-cert)]), diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index eeb8083506..2abc1b378d 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 46; +plan tests => 48; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't @@ -42,6 +42,18 @@ ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8, is(cmp_text($out_utf8, $utf), 0, 'Comparing utf8 output with cyrillic.utf8'); +SKIP: { + skip "EdDSA disabled", 2 if disabled("ecx"); + + $pem = srctop_file(@certs, "tab-in-dn.pem"); + my $out_text = "out-tab-in-dn.text"; + my $text = srctop_file(@certs, "tab-in-dn.text"); + ok(run(app(["openssl", "x509", "-text", "-noout", + "-in", $pem, "-out", $out_text]))); + is(cmp_text($out_text, $text), + 0, 'Comparing default output with tab-in-dn.text'); +} + SKIP: { skip "DES disabled", 1 if disabled("des"); skip "Platform doesn't support command line UTF-8", 1 if $^O =~ /^(VMS|msys)$/; @@ -271,5 +283,7 @@ ok(-e $ca_serial_dot_in_dir); SKIP: { skip "EC is not supported by this OpenSSL build", 1 if disabled("ec"); - ok(run(test(["x509_test"])), "running x509_test"); + my $psscert = srctop_file(@certs, "ee-self-signed-pss.pem"); + + ok(run(test(["x509_test", $psscert])), "running x509_test"); } diff --git a/test/recipes/30-test_evp_byname.t b/test/recipes/30-test_evp_byname.t new file mode 100644 index 0000000000..d06e874fe9 --- /dev/null +++ b/test/recipes/30-test_evp_byname.t 
@@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_evp_byname"); + +simple_test("test_evp_byname", "evp_byname_test"); diff --git a/test/recipes/30-test_evp_data/evpciph_sm4.txt b/test/recipes/30-test_evp_data/evpciph_sm4.txt index 793f444761..993cf7b51e 100644 --- a/test/recipes/30-test_evp_data/evpciph_sm4.txt +++ b/test/recipes/30-test_evp_data/evpciph_sm4.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt index 9ad8b9fbd2..c7e7b4b5bf 100644 --- a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt +++ b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt @@ -4935,3 +4935,13 @@ Ctrl.mode = mode:EXTRACT_AND_EXPAND Ctrl.digest = digest:SHA256 Result = KDF_CTRL_ERROR +# Test that salt of arbitrary length works +FIPSversion = >=3.4.0 +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHA2-256 +Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05 +Ctrl.salt = hexsalt:00010203040506070809000102030405060708090001020304050607080900010203040506070809 +Ctrl.prefix = hexprefix:746c73313320 +Ctrl.label = hexlabel:64657269766564 +Output = ef0aa4925ab6f4588759e15dfadcf7602ca7aa39ebb092bd7ab48f6a68c54449 
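Review bot: The new recipe imports `OpenSSL::Test::Utils` but uses nothing from it (`simple_test` comes from `OpenSSL::Test::Simple`), so `use OpenSSL::Test::Utils;` can be dropped; it also has `use strict;` without `use warnings;`, unlike the other recipe added by this commit (61-test_bio_pw_callback.t). If `simple_test` already calls `setup()` with the name it is given (I believe it does; confirm against OpenSSL::Test::Simple), the explicit `setup("test_evp_byname");` is redundant too.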
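Review bot: The comment `# Test that salt of arbitrary length works` does not say why the vector is gated with `FIPSversion = >=3.4.0`; presumably FIPS providers before 3.4.0 reject a salt longer than the digest output, but that is inferred, not stated. The `hexsalt` here is 40 bytes against a 32-byte SHA2-256 output, so a comment such as `# 40-byte salt, longer than the SHA2-256 output; only FIPS providers >= 3.4.0 accept this` would make the gate self-explanatory and stop it from being removed as noise. The vector does not test an empty or exactly digest-sized salt; if those are the other interesting boundaries, consider adding them.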
diff --git a/test/recipes/30-test_evp_data/evppkey_dsa.txt b/test/recipes/30-test_evp_data/evppkey_dsa.txt index debd62bca8..39f9a01343 100644 --- a/test/recipes/30-test_evp_data/evppkey_dsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_dsa.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -270,6 +270,7 @@ Title = FIPS Tests (using different key sizes and digests) # Test sign with a 2048 bit key with N == 160 is not allowed in fips mode Availablein = fips +FIPSversion = <3.4.0 DigestSign = SHA256 Key = DSA-2048-160 Input = "Hello" @@ -324,6 +325,7 @@ Title = Fips Negative Tests (using different key sizes and digests) # Test sign with a 1024 bit key is not allowed in fips mode Availablein = fips +FIPSversion = <3.4.0 DigestSign = SHA256 Securitycheck = 1 Key = DSA-1024-FIPS186-2 @@ -340,6 +342,7 @@ Result = DIGESTSIGNINIT_ERROR # Test sign with a 3072 bit key with N == 224 is not allowed in fips mode Availablein = fips +FIPSversion = <3.4.0 DigestSign = SHA256 Securitycheck = 1 Key = DSA-3072-224 @@ -348,6 +351,7 @@ Result = DIGESTSIGNINIT_ERROR # Test sign with a 4096 bit key is not allowed in fips mode Availablein = fips +FIPSversion = <3.4.0 DigestSign = SHA256 Securitycheck = 1 Key = DSA-4096-256 diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt index 1543ed9f75..1f9ce93cd1 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 
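Review bot: Each of the four DSA negative tests keeps its comment `# Test sign with ... is not allowed in fips mode` while the added `FIPSversion = <3.4.0` limits the expected error to FIPS providers before 3.4.0, so the comments now overstate what is asserted; the same applies to the SHA1 signing tests in evppkey_ecdsa.txt and evppkey_rsa_common.txt on the next line. Reword to e.g. `# FIPS providers before 3.4.0 reject signing with a 1024 bit key` and say in one line what changes at 3.4.0. Because these are FIPS security-check expectations, whatever the intended behaviour for 3.4.0 and later is (a different error code, or acceptance) should be pinned by a `FIPSversion = >=3.4.0` counterpart rather than left untested.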
@@ -1,5 +1,5 @@ # -# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -216,6 +216,7 @@ Result = DIGESTSIGNINIT_ERROR # Test that SHA1 is not allowed in fips mode for signing Availablein = fips +FIPSversion = <3.4.0 Sign = P-256 Securitycheck = 1 Ctrl = digest:SHA1 diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt index 76ddc1ec60..1c49017aad 100644 --- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1831,6 +1831,7 @@ Output = 80382819f51b197c42f9fc02a85198683d918059afc013ae155992442563dd289700829 # Signing with SHA1 is not allowed in fips mode Availablein = fips +FIPSversion = <3.4.0 DigestSign = SHA1 Securitycheck = 1 Key = RSA-2048 diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t index 6bdf04d37c..a101a26fb1 100644 --- a/test/recipes/30-test_pairwise_fail.t +++ b/test/recipes/30-test_pairwise_fail.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_prov_config.t b/test/recipes/30-test_prov_config.t index 7f6350fd84..1ef8736209 100644 
--- a/test/recipes/30-test_prov_config.t +++ b/test/recipes/30-test_prov_config.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -23,13 +23,15 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => 2; ok(run(test(["prov_config_test", srctop_file("test", "default.cnf"), - srctop_file("test", "recursive.cnf")])), + srctop_file("test", "recursive.cnf"), + srctop_file("test", "pathed.cnf")])), "running prov_config_test default.cnf"); SKIP: { skip "Skipping FIPS test in this build", 1 if $no_fips; ok(run(test(["prov_config_test", srctop_file("test", "fips.cnf"), - srctop_file("test", "recursive.cnf")])), + srctop_file("test", "recursive.cnf"), + srctop_file("test", "pathed.cnf")])), "running prov_config_test fips.cnf"); } diff --git a/test/recipes/61-test_bio_pw_callback.t b/test/recipes/61-test_bio_pw_callback.t new file mode 100644 index 0000000000..4cb1db1f58 --- /dev/null +++ b/test/recipes/61-test_bio_pw_callback.t @@ -0,0 +1,20 @@ +#! /usr/bin/env perl +# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test qw(:DEFAULT data_file); + +setup('test_bio_pw_callback'); + +plan tests => 1; + +my $private_key_path = data_file("private_key.pem"); +ok(run(test(["bio_pw_callback_test", "-keyfile", $private_key_path])), + "Running bio_pw_callback_test"); 
diff --git a/test/recipes/61-test_bio_pw_callback_data/private_key.pem b/test/recipes/61-test_bio_pw_callback_data/private_key.pem
new file mode 100644
index 0000000000..f9c9ae5dbc
--- /dev/null
+++ b/test/recipes/61-test_bio_pw_callback_data/private_key.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQmftpln/ZNiEznncq
++u0FuwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEBO5TGcD0mGTfRS8
+HgafEXYEggTQOasEXPm4ChGPzfXACYhaAtMFnfL9qpI1S30bHMUHsWuXLZDFPNty
+7KNKWr35woaq3XFEeul7onszcBBRrRwPkTqOifuv/J01s7oS0uC6jwbvSkAFNjHe
+jkgvMMQA3y7nwZ2wSwVjO2K91qasTjNivus3ZaCvGqGpgNckEXILPZJEdWteWP+1
+SN9zLxxeHwgt5SrMfylrTghLB8b119/uq4GnOYHZdhMbp4YmneuGqvlZ7nle7qLY
+33tuM5deajk9hINLfbYWGwURaOZ+r++Rvrz4OxISfe70uXT+2fcSZPVkNT5a6B5T
+9rCwdF69W/+3au50gfc2VEF/xZBajxLI0PBpMSpxNE3a5/3YLKXAs+z0YJdQKNhN
+U+SpOUv8D2GraJVfP7MddO2JvETh8w7tGN/a8qSw07Z91SE3Vfuq0l5PheC/vXJq
+/xxU3YSbZC7LCSZn1aXBlj9KbTh2o1ARzdJsVYo1xY2OIFtFpncOjQDuaAmsNcZE
+CuB9FUcBwwO/bjooIkv4lJU+DWDxrCR7Si8PZ4hHgXCXXKiXA20SBccUYm0Z4HR3
+i2tm9UTwAuCy1BF7hRmPLIyvlgtlKh2V9Cre5j86GoKTmPh/q5DHdSmNAM8Aakct
+GdQgscOXRmHq7/1nec28wEhlbqVyYJ45MZbWhBTrycMru/ch9+ZnsIgPXLfbBA+P
+6GHK1DF+onKZtMkH0SNMU3X1arlJKRreVQsvkbgL7aw3mI0veYa4/tJUf7hbkPpA
+LArQU5wQ+A9mzC+tYMfz3mrIE05FrpYkHRxiB/odeNvCTMR7DhGoghhnYUN/gSSN
+qH5EBG2hQ/pJ5ZSawE+P9+vCLlvcc4n00zgi0s3rMN2AntPZoI3sWKZcbbgJoOIH
+cbAmBAKCIiwmlPmI0hjEAIXRBixJzHVGNowuSc3jy5pIiSjmDESnARl+n5imqI3D
+po9OuCHpo4nRLcAX0GrJqqKxUG+R1A8g/AooIGEPQgkXk/4v9gwd4aBvwT4YxR44
+onAXdyBMM0T8C+8dUmT6OPvU5w6JHFidJfhBgJhDIdj9JM+wWdr1CW94todjEyKY
+Xe3NRG1bGbcN6HBVwbe4UZ39A9p4kKGyiXexlsD+DvFxwaGvSy2rp0lLabz19Kkr
+fnLU1Ugb38AnEYTGYJMB9nO19lHW62Mk6+9ky42x8X9vBn81Nif/c0kmvEKsZEfw
+UM7m0fIWTZOWSH01DGIXqCoCk7vJ1CSm0wUsAvyKFLm1qnM5eJJNMlBbayDDBsnU
+Jj9hx7GWjujVKFwFngUOoFpmFWB72bqeBWenaQJhIVydQa1rolny0TECJIkFOsUK
+Wa0y52V4h68Ig5G5p2WHG0RlEVtmcgzSoL1mLE5UdOYaH5oB7nTVM+Z0b8HJFrYc
+7Xhym8uNq6UHc4Ae6TT8EA3lA3fDttedKzWxlBFXqX9behl2uBnPzCl3cS2G2Uek
+xtexjecZINP8L5i6eIL7bPoVMF5CUsUhIWFA0gzIovRBRvVS91HnTrIDLvqF8YgQ
+ToctUU/vS8r3x2/TIR60UBvW0vkoFa+lfzHtsxBnT1nMBZNeeHOCM8QtboyI9Ir9
+UkJbTO+QpJQ5A3ELharpcqr7iywDOnLSV9LZSUZr934zOrRl2oAXx/0=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/test/recipes/70-test_npn.t b/test/recipes/70-test_npn.t
new file mode 100644
index 0000000000..f82e71af6a
--- /dev/null
+++ b/test/recipes/70-test_npn.t
@@ -0,0 +1,73 @@ +#! /usr/bin/env perl +# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/; +use OpenSSL::Test::Utils; + +use TLSProxy::Proxy; + +my $test_name = "test_npn"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs NPN enabled" + if disabled("nextprotoneg"); + +plan skip_all => "$test_name needs TLSv1.2 enabled" + if disabled("tls1_2"); + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 1; + +my $npnseen = 0; + +# Test 1: Check sending an empty NextProto message from the client works. This is +# valid as per the spec, but OpenSSL does not allow you to send it. 
+# Therefore we must be prepared to receive such a message but we cannot +# generate it except via TLSProxy +$proxy->clear(); +$proxy->filter(\&npn_filter); +$proxy->clientflags("-nextprotoneg foo -no_tls1_3"); +$proxy->serverflags("-nextprotoneg foo"); +$proxy->start(); +ok($npnseen && TLSProxy::Message->success(), "Empty NPN message"); + +sub npn_filter +{ + my $proxy = shift; + my $message; + + # The NextProto message always appears in flight 2 + return if $proxy->flight != 2; + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_NEXT_PROTO) { + # Our TLSproxy NextProto message support doesn't support parsing of + # the message. If we repack it just creates an empty NextProto + # message - which is exactly the scenario we want to test here. + $message->repack(); + $npnseen = 1; + } + } +} diff --git a/test/recipes/70-test_quic_multistream.t b/test/recipes/70-test_quic_multistream.t index 4427209a84..7ab66f7e31 100644 --- a/test/recipes/70-test_quic_multistream.t +++ b/test/recipes/70-test_quic_multistream.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file result_dir data_file/; use OpenSSL::Test::Utils; use File::Temp qw(tempfile); -use File::Path 2.00 qw(rmtree); +use File::Path 2.00 qw(rmtree mkpath); setup("test_quic_multistream"); 
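Review bot: In `npn_filter` the `my $message;` declared at the top is never used — the `foreach my $message (...)` introduces its own lexical — so the first declaration should be removed. The filter sets `$npnseen` but nothing ever resets it; with one test that is harmless, but any second `$proxy->start()` round would inherit the flag, so reset it in the test prologue (`$npnseen = 0;` next to `$proxy->clear();`) to keep the pattern safe to copy. `ok($npnseen && TLSProxy::Message->success(), "Empty NPN message")` also conflates "the filter never saw flight 2" with "the handshake failed"; two `ok()` calls with `plan tests => 2` would make a failure self-explanatory.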
@@ -18,8 +18,9 @@ plan skip_all => "QUIC protocol is not supported by this OpenSSL build" plan tests => 2; -if (!disabled('qlog') && $ENV{OSSL_RUN_CI_TESTS} == "1") { - my $qlog_output = result_dir("qlog-output"); +my $qlog_output; +if (!disabled('qlog')) { + $qlog_output = result_dir("qlog-output"); print "# Writing qlog output to $qlog_output\n"; rmtree($qlog_output, { safe => 1 }); mkdir($qlog_output); diff --git a/test/recipes/70-test_quic_qlog.t b/test/recipes/70-test_quic_qlog.t index 0537a5a9d6..a49c898ae0 100644 --- a/test/recipes/70-test_quic_qlog.t +++ b/test/recipes/70-test_quic_qlog.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_quic_rcidm.t b/test/recipes/70-test_quic_rcidm.t index a00f381eb6..6bc84976e0 100644 --- a/test/recipes/70-test_quic_rcidm.t +++ b/test/recipes/70-test_quic_rcidm.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_sslcbcpadding.t b/test/recipes/70-test_sslcbcpadding.t index e49efb28e2..6628192618 100644 --- a/test/recipes/70-test_sslcbcpadding.t +++ b/test/recipes/70-test_sslcbcpadding.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
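Review bot: `$qlog_output` is now file-scoped but stays `undef` when qlog is disabled, and the code that consumes it lies outside this hunk; those uses need a `defined $qlog_output` guard (or the variable should keep a harmless default) so the non-qlog build does not end up with `undef` in a path. The previous hunk adds `mkpath` to the `File::Path` import while this hunk still calls `mkdir($qlog_output)`; if `mkpath` is not used further down, drop it from the import, otherwise using it here as well would be consistent. Dropping the `$ENV{OSSL_RUN_CI_TESTS} == "1"` condition also removes a string-vs-numeric comparison that warned under `use warnings`, which is worth a line in the commit message.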
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index 2ea6421bf3..691db13b8a 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t index c49a6be88b..d9f6c00d4b 100644 --- a/test/recipes/70-test_tls13hrr.t +++ b/test/recipes/70-test_tls13hrr.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/75-test_json_enc.t b/test/recipes/75-test_json_enc.t index d8d5a9633b..cc28ee9aba 100644 --- a/test/recipes/75-test_json_enc.t +++ b/test/recipes/75-test_json_enc.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index 62ce1bd169..36d7f372fa 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. # Copyright Nokia 2007-2019 # Copyright Siemens AG 2015-2019 # @@ -130,11 +130,10 @@ my @all_aspects = ("connection", "verification", "credentials", "commands", "enr @all_aspects = split /\s+/, $ENV{OPENSSL_CMP_ASPECTS} if $ENV{OPENSSL_CMP_ASPECTS}; # set env variable, e.g., OPENSSL_CMP_ASPECTS="commands enrollment" to select specific aspects +my $Mock_serverlog; my $faillog; -my $file = $ENV{HARNESS_FAILLOG}; # pathname relative to result_dir -if ($file) { - open($faillog, ">", $file) or die "Cannot open '$file' for writing: $!"; -} +my $faillog_file = $ENV{HARNESS_FAILLOG} // "failed_client_invocations.txt"; # pathname relative to result_dir +open($faillog, ">", $faillog_file) or die "Cannot open '$faillog_file' for writing: $!"; sub test_cmp_http { my $server_name = shift; @@ -144,7 +143,7 @@ sub test_cmp_http { my $title = shift; my $params = shift; my $expected_result = shift; - $params = [ '-server', "127.0.0.1:$server_port", @$params ] + $params = [ '-server', "$server_host:$server_port", @$params ] if ($server_name eq "Mock" && !(grep { $_ eq '-server' } @$params)); my $cmd = app([@app, @$params]); @@ -177,6 +176,17 @@ sub test_cmp_http_aspect { # not unlinking test.cert.pem, test.cacerts.pem, and test.extracerts.pem } +sub print_file_prefixed { + my ($file, $desc) = @_; + print "$desc (each line prefixed by \"# \"):\n"; + if (open F, $file) { + while () { + print "# $_"; + } + close F; + } +} + # The input files for the tests done here dynamically depend on the test server # selected (where the mock server used by default is just one possibility). # On the other hand the main test configuration file test.cnf, which references 
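Review bot: `print_file_prefixed` uses a two-argument `open F, $file` with a bareword global handle, and as rendered its read loop is `while ()`, which would never terminate — most likely the `<F>` readline was eaten by the page rendering, but please confirm the committed source. Independently of that, prefer the three-argument form with a lexical handle so a path beginning with `>`, `|` or whitespace cannot change the open mode: `open(my $fh, '<', $file) or return;` / `print "# $_" while <$fh>;` / `close($fh);`. Silently doing nothing when the open fails hides why a server log is missing from the failure output; a one-line `print "# cannot open $file: $!\n";` in that branch would help.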
@@ -215,14 +225,28 @@ indir data_dir() => sub { test_cmp_http_aspect($server_name, $aspect, $tests); }; }; - stop_server($server_name, $pid) if $pid; - ok(1, "$server_name server has terminated"); + + if ($server_name eq "Mock") { + stop_server($server_name, $pid) if $pid; + ok(1, "$server_name server has terminated"); + + if (-s $faillog) { + indir "Mock" => sub { + print_file_prefixed($Mock_serverlog, "$server_name server STDERR output is"); + } + } + } } } }; }; close($faillog) if $faillog; +if (-s $faillog_file) { + print "# ------------------------------------------------------------------------------\n"; + print_file_prefixed($faillog_file, "Failed client invocations are"); + print "# ------------------------------------------------------------------------------\n"; +} sub load_tests { my $server_name = shift; @@ -252,14 +276,15 @@ sub load_tests { next LOOP if $server_tls == 0 && $line =~ m/,\s*-tls_used\s*,/; my $noproxy = $no_proxy; + my $server_plain = $server_host =~ m/^\[(.*)\]$/ ? $1 : $server_host; if ($line =~ m/,\s*-no_proxy\s*,(.*?)(,|$)/) { $noproxy = $1; - } elsif ($server_host eq "127.0.0.1") { + } elsif ($server_plain eq "127.0.0.1" || $server_plain eq "::1") { # do connections to localhost (e.g., mock server) without proxy - $line =~ s{-section,,}{-section,,-no_proxy,127.0.0.1,} ; + $line =~ s{-section,,}{-section,,-no_proxy,$server_plain,} ; } if ($line =~ m/,\s*-proxy\s*,/) { - next LOOP if $no_proxy && ($noproxy =~ $server_host); + next LOOP if $no_proxy && ($noproxy =~ $server_plain); } else { $line =~ s{-section,,}{-section,,-proxy,$proxy,}; } 
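Review bot: `if (-s $faillog)` tests the size of the still-open write handle; unless `$faillog` has autoflush enabled (not visible in this diff), lines printed to it can still sit in Perl's output buffer and `-s`, which is an fstat of the file, reports 0 — so the Mock server STDERR dump is skipped exactly when it is wanted. Either set `$faillog->autoflush(1);` right after the `open` in the earlier hunk (add `use IO::Handle;` if the file does not already have it) or call `$faillog->flush();` before the test. The later `if (-s $faillog_file)` is fine because it runs after `close($faillog)`. The enclosing `indir data_dir() => sub { ... }` block starts outside this hunk.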
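Review bot: `$noproxy =~ $server_plain` (carried over from the old `$server_host` form) uses the host string as a regular expression, so the dots in `127.0.0.1` match any character and `::1` would match inside a longer IPv6 literal in the no_proxy list; make it a literal match, `$noproxy =~ /\Q$server_plain\E/` or `index($noproxy, $server_plain) >= 0`. `$server_plain` is also recomputed on every loop iteration although it depends only on `$server_host`; hoist it above the loop, whose start is outside this hunk.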
@@ -292,7 +317,8 @@ sub start_server { $args ? $args : ()]), display => 1); print "Current directory is ".getcwd()."\n"; print "Launching $server_name server: $cmd\n"; - my $pid = open($server_fh, "$cmd|"); + $Mock_serverlog = result_dir()."/Mock_server_STDERR.txt"; + my $pid = open($server_fh, "$cmd 2>$Mock_serverlog |"); unless ($pid) { print "Error launching $cmd, cannot obtain $server_name server PID"; return 0; @@ -301,27 +327,32 @@ sub start_server { if ($server_host eq '*' || $server_port == 0) { # Find out the actual server host and port and possibly different PID + my ($host, $port); $pid = 0; while (<$server_fh>) { print "$server_name server output: $_"; next if m/using section/; s/\R$//; # Better chomp - ($server_host, $server_port, $pid) = ($1, $2, $3) + ($host, $port, $pid) = ($1, $2, $3) if /^ACCEPT\s(.*?):(\d+) PID=(\d+)$/; last; # Do not loop further to prevent hangs on server misbehavior } - $server_host = "[::1]" if $server_host eq "[::]"; - $server_host = "127.0.0.1" if $server_host eq "0.0.0.0"; + if ($server_host eq '*' && defined $host) { + $server_host = "[::1]" if $host eq "[::]"; + $server_host = "127.0.0.1" if $host eq "0.0.0.0"; + } + $server_port = $port if $server_port == 0 && defined $port; } - unless ($server_port > 0) { + if ($server_host eq '*' || $server_port == 0) { stop_server($server_name, $pid) if $pid; - print "Cannot get expected output from the $server_name server"; + print "Cannot get expected output from the $server_name server\n"; return 0; } $kur_port = $server_port if $kur_port eq "\$server_port"; $pbm_port = $server_port if $pbm_port eq "\$server_port"; $server_tls = $server_port if $server_tls; return $pid; + } sub stop_server { diff --git a/test/recipes/80-test_cmp_http_data/Mock/test.cnf b/test/recipes/80-test_cmp_http_data/Mock/test.cnf index 50ad8c5177..3276001fec 100644 --- a/test/recipes/80-test_cmp_http_data/Mock/test.cnf +++ b/test/recipes/80-test_cmp_http_data/Mock/test.cnf 
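Review bot: `open($server_fh, "$cmd 2>$Mock_serverlog |")` hands the redirection to the shell with `$Mock_serverlog` unquoted, so a result directory containing a space or a shell metacharacter breaks the redirection or sends the log elsewhere; quote it, `"$cmd 2>\"$Mock_serverlog\" |"`. The variable is assigned for every server started by this function, not only the Mock one, so the `Mock_` name and `Mock_server_STDERR.txt` file name are slightly misleading if another server is ever run through `start_server`.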
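Review bot: After the read loop, `$server_host` is updated only when the ACCEPT line reports `[::]` or `0.0.0.0`; if the server names a concrete address the host stays `*` and execution falls into the new `if ($server_host eq '*' || $server_port == 0)` branch with the misleading "Cannot get expected output" message. If only wildcard binds are meant to be accepted, say so in a comment next to the mapping; otherwise add `else { $server_host = $host; }`. The hunk also adds a stray blank line before the closing `}` of `start_server`, whose beginning lies outside this hunk.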
@@ -1,7 +1,7 @@ [default] batch = 1 # do not use stdin -total_timeout = 20 # is used to prevent, e.g., infinite polling due to error; -# should hopefully be enough to cover delays caused by the underlying system +total_timeout = 120 # is used to prevent, e.g., infinite polling due to error; +# should now really be enough to cover delays caused by the underlying system trusted = trusted.crt newkey = new.key newkeypass = @@ -17,11 +17,11 @@ policies = certificatePolicies [Mock] # the built-in OpenSSL CMP mock server # no_check_time = 1 -server_host = 127.0.0.1 # localhost +server_host = * # to be determined by server: 127.0.0.1 or ::1 (localhost) server_port = 0 # 0 means that the port is determined by the server server_tls = $server_port server_cert = server.crt -server = $server_host:$server_port +# server = $server_host:$server_port server_path = pkix/ path = $server_path ca_dn = /CN=Root CA diff --git a/test/recipes/80-test_cmp_http_data/test_commands.csv b/test/recipes/80-test_cmp_http_data/test_commands.csv index 6aa18599b1..aabf2dc1e6 100644 --- a/test/recipes/80-test_cmp_http_data/test_commands.csv +++ b/test/recipes/80-test_cmp_http_data/test_commands.csv 
@@ -77,7 +77,7 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty 0,genm rootCaCert oldwithold empty file , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, empty.txt , -newwithnew, _RESULT_DIR/test.newwithnew.pem 0,genm rootCaCert oldwithold random file , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, random.bin , -newwithnew, _RESULT_DIR/test.newwithnew.pem 0,genm rootCaCert oldwithold nonexistent , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, idontexist , -newwithnew, _RESULT_DIR/test.newwithnew.pem -0,genm rootCaCert oldwithold wrong , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, signer.crt , -newwithnew, _RESULT_DIR/test.newwithnew.pem +1,genm rootCaCert oldwithold different , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, signer.crt , -newwithnew, _RESULT_DIR/test.newwithnew.pem 0,genm rootCaCert missing newwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, BLANK ,, 0,genm rootCaCert newwithnew missing arg , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew,, 1,genm rootCaCert with oldwithnew , -section,, -cmd,genm,, BLANK,,, -infotype,rootCaCert,, -oldwithold, oldWithOld.pem, -newwithnew, _RESULT_DIR/test.newwithnew1.pem, -oldwithnew, _RESULT_DIR/test.oldwithnew1.pem diff --git a/test/recipes/80-test_cmp_http_data/test_connection.csv b/test/recipes/80-test_cmp_http_data/test_connection.csv index 94916e89f3..bab3f37110 100644 --- a/test/recipes/80-test_cmp_http_data/test_connection.csv +++ b/test/recipes/80-test_cmp_http_data/test_connection.csv 
@@ -2,7 +2,7 @@ expected,description, -section,val, -server,val, -proxy,val, -no_proxy,val, -tls ,Message transfer options:,,,,,,,,,,,,,,,,,, ,,,,,,,,,,,,,,,,,,, 1,default config, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, -1,server domain name, -section,, -server,localhost:_SERVER_PORT,,,,,,,,,,,,,, +disabled as not supported by some host IP configurations,server domain name, -section,, -server,_SERVER_HOST:_SERVER_PORT,,,,,,,,,,,,,, ,,,,,,,,,,,,,,,,,,, 0,wrong server, -section,, -server,xn--rksmrgs-5wao1o.example.com:_SERVER_PORT,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK, 0,wrong server port, -section,, -server,_SERVER_HOST:99,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK, diff --git a/test/recipes/80-test_cmp_http_data/test_enrollment.csv b/test/recipes/80-test_cmp_http_data/test_enrollment.csv index 3d14c78a46..a66afdc837 100644 --- a/test/recipes/80-test_cmp_http_data/test_enrollment.csv +++ b/test/recipes/80-test_cmp_http_data/test_enrollment.csv 
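Review bot: The `expected` column of the `server domain name` row now holds the sentence `disabled as not supported by some host IP configurations` where every other row has `0` or `1`; if `load_tests` treats a non-numeric value there as "skip this row", that convention is not visible in this diff and should be stated in the recipe or the header row, otherwise the row may be executed and fail. A dedicated skip marker, or moving the reason into the description column, would make the intent explicit.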
@@ -66,7 +66,9 @@ expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val, 1,disable_confirm, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -disable_confirm,, -certout,_RESULT_DIR/test.certout_disable.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, 0,disable_confirm with parameter, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -disable_confirm,abc, -certout,_RESULT_DIR/test.certout_disable1.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -1,use certout (and chainout), -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, ,,, -out_trusted,root.crt,,BLANK,,BLANK,,,,-cert,_RESULT_DIR/test.certout_newkey.pem,-untrusted,_RESULT_DIR/test.chainout.pem +1,use certout (and chainout) , -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, ,,, -out_trusted,root.crt,,BLANK,,BLANK,,,,-cert,_RESULT_DIR/test.certout_newkey.pem,-untrusted,_RESULT_DIR/test.chainout.pem +1,certout and chainout sent to same file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, ,,, -out_trusted,root.crt,,BLANK,,BLANK,,,,-certout,_RESULT_DIR/test.certout_chainout.pem,,-chainout,_RESULT_DIR/test.certout_chainout.pem +1,use certout and chainout from same file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, ,,, -out_trusted,root.crt,,BLANK,,BLANK,,,,-cert,_RESULT_DIR/test.certout_chainout.pem,-untrusted,"""" 0,no certout, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,"""",, -out_trusted,root.crt,,BLANK,,BLANK,,, 0,certout missing arg, -section,, -cmd,ir, -newkey,new.key,, 
-newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,,, -out_trusted,root.crt,,BLANK,,BLANK,,, 0,certout is non-existing directory and file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,idontexist/idontexist,, -out_trusted,root.crt,,BLANK,,BLANK,,, diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 6a9792128b..088098ab87 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -25,6 +25,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); +my $old_fips = 0; plan skip_all => "CMS is not supported by this OpenSSL build" if disabled("cms"); @@ -50,13 +51,17 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) $no_rc2 = 1 if disabled("legacy"); -plan tests => 23; +plan tests => 24; ok(run(test(["pkcs7_test"])), "test pkcs7"); unless ($no_fips) { - @config = ( "-config", srctop_file("test", "fips-and-base.cnf") ); + my $provconf = srctop_file("test", "fips-and-base.cnf"); + @config = ( "-config", $provconf ); $provname = 'fips'; + + run(test(["fips_version_test", "-config", $provconf, "<3.4.0"]), + capture => 1, statusvar => $old_fips); } $ENV{OPENSSL_TEST_LIBCTX} = "1"; 
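Review bot: `statusvar => $old_fips` passes the current value (0) rather than a reference; OpenSSL::Test's `run()` documents `statusvar` as taking a scalar reference, so as written `$old_fips` can never become true and the X9.42 DH case guarded by `$no_fips || $old_fips` later in the file is always skipped under FIPS. Change it to `statusvar => \$old_fips` unless the backslash was lost in rendering — confirm against the committed source. A short comment on the `fips_version_test` call, e.g. `# $old_fips is set when the FIPS provider is older than 3.4.0`, would also help, since the name alone does not say which direction the comparison goes.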
@@ -342,6 +347,16 @@ my @smime_cms_tests = ( \&final_compare ], + [ "enveloped content test streaming PEM format, AES-128-CBC cipher, password", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", + "-stream", "-out", "{output}.cms", + "-pwri_password", "test" ], + [ "{cmd2}", @prov, "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt", + "-inform", "PEM", + "-pwri_password", "test" ], + \&final_compare + ], + [ "data content test streaming PEM format", [ "{cmd1}", @prov, "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach", "-stream", "-out", "{output}.cms" ], @@ -394,6 +409,13 @@ my @smime_cms_tests = ( "-out", "{output}.txt" ], \&final_compare ], + + [ "encrypted content test streaming PEM format -noout, 128 bit AES key", + [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-stream", "-noout" ], + [ "{cmd2}", @prov, "-help" ] + ], ); my @smime_cms_cades_tests = ( @@ -604,6 +626,7 @@ my @smime_cms_param_tests = ( "-stream", "-out", "{output}.cms", "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ], + sub { my %opts = @_; smimeType_matches("$opts{output}.cms", "enveloped-data"); }, [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smec1.pem"), "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare @@ -613,6 +636,7 @@ my @smime_cms_param_tests = ( [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", "-recip", catfile($smdir, "smec1.pem"), "-aes-128-gcm", "-keyopt", "ecdh_kdf_md:sha256" ], + sub { my %opts = @_; smimeType_matches("$opts{output}.cms", "authEnveloped-data"); }, [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"), "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare 
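Review bot: In the new `-EncryptedData_encrypt ... -noout` entry the second command is `[ "{cmd2}", @prov, "-help" ]` and there is no comparison callback, so the case only checks that the encrypt invocation exits 0. A comment inside the entry such as `# -noout produces nothing to decrypt; -help is a placeholder for the runner's second command` would save the next reader from looking for a missing decrypt step. The `-secretkey` value is a fixed test key and that is fine here, but the description could say "fixed 128 bit test key" so nobody mistakes it for a generated one.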
@@ -626,18 +650,23 @@ my @smime_cms_param_tests = ( [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smec2.pem"), "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare - ], - - [ "enveloped content test streaming S/MIME format, X9.42 DH", - [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, - "-stream", "-out", "{output}.cms", - "-recip", catfile($smdir, "smdh.pem"), "-aes128" ], - [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"), - "-in", "{output}.cms", "-out", "{output}.txt" ], - \&final_compare ] ); +if ($no_fips || $old_fips) { + # Only SHA1 supported in dh_cms_encrypt() + push(@smime_cms_param_tests, + [ "enveloped content test streaming S/MIME format, X9.42 DH", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smdh.pem"), "-aes128" ], + [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare + ] + ); +} + my @smime_cms_param_tests_autodigestmax = ( [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=auto-digestmax, digestsize < maximum salt length", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", 
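Review bot: The comment `# Only SHA1 supported in dh_cms_encrypt()` explains the conditional push only indirectly; state the consequence, e.g. `# X9.42 DH key wrap in dh_cms_encrypt() only supports SHA1, which the FIPS provider rejects from 3.4.0, so run this case only without FIPS or with an older FIPS provider`. The case is appended to `@smime_cms_param_tests` after the array literal, so any later code that sizes a subtest plan from the array must run after this block; that consumer is outside this hunk.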
@@ -816,6 +845,28 @@ sub contentType_matches { return scalar(@c); } +# Returns 1 if the smime-type matches the passed parameter, otherwise 0. +sub smimeType_matches { + my ($in, $expected_smime_type) = @_; + + # Read the text file + open(my $fh, '<', $in) or die("open failed for $in : $!"); + local $/; + my $content = <$fh>; + close($fh); + + # Extract the Content-Type line with the smime-type attribute + if ($content =~ /Content-Type:\s*application\/pkcs7-mime.*smime-type=([^\s;]+)/) { + my $smime_type = $1; + + # Compare the extracted smime-type with the expected value + return ($smime_type eq $expected_smime_type) ? 1 : 0; + } + + # If no smime-type is found, return 0 + return 0; +} + sub rsapssSaltlen { my ($in) = @_; my $exit = 0; @@ -1132,6 +1183,22 @@ ok(!run(app(['openssl', 'cms', '-verify', ])), "issue#19643"); +# Check that kari encryption with originator does not segfault +with({ exit_checker => sub { return shift == 3; } }, + sub { + SKIP: { + skip "EC is not supported in this build", 1 if $no_ec; + + ok(run(app(['openssl', 'cms', '-encrypt', + '-in', srctop_file("test", "smcont.txt"), '-aes128', + '-recip', catfile($smdir, "smec1.pem"), + '-originator', catfile($smdir, "smec3.pem"), + '-inkey', catfile($smdir, "smec3.pem") + ])), + "Check failure for currently not supported kari encryption with static originator"); + } + }); + # Check that we get the expected failure return code with({ exit_checker => sub { return shift == 6; } }, sub { diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t index 817b0bf064..999129a030 100644 --- a/test/recipes/80-test_pkcs12.t +++ b/test/recipes/80-test_pkcs12.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -54,7 +54,7 @@ if (eval { require Win32::API; 1; }) {
 }
 $ENV{OPENSSL_WIN32_UTF8}=1;
-plan tests => 28;
+plan tests => 31;
 # Test different PKCS#12 formats
 ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
@@ -184,11 +184,23 @@ with({ exit_checker => sub { return shift == 1; } },
 "-nomacver"])),
 "test bad pkcs12 file 1 (nomacver)");
+ ok(run(app(["openssl", "pkcs12", "-in", $bad1, "-password", "pass:",
+ "-info"])),
+ "test bad pkcs12 file 1 (info)");
+
 ok(run(app(["openssl", "pkcs12", "-in", $bad2, "-password", "pass:"])),
 "test bad pkcs12 file 2");
+ ok(run(app(["openssl", "pkcs12", "-in", $bad2, "-password", "pass:",
+ "-info"])),
+ "test bad pkcs12 file 2 (info)");
+
 ok(run(app(["openssl", "pkcs12", "-in", $bad3, "-password", "pass:"])),
 "test bad pkcs12 file 3");
+
+ ok(run(app(["openssl", "pkcs12", "-in", $bad3, "-password", "pass:",
+ "-info"])),
+ "test bad pkcs12 file 3 (info)");
 });
 # Test with Oracle Trusted Key Usage specified in openssl.cnf
diff --git a/test/recipes/82-test_ocsp_cert_chain.t b/test/recipes/82-test_ocsp_cert_chain.t
index 4764c30aa4..a0c3737be8 100644
--- a/test/recipes/82-test_ocsp_cert_chain.t
+++ b/test/recipes/82-test_ocsp_cert_chain.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -85,9 +85,11 @@ sub run_test { print("ocsp server ready, listening on port $ocsp_port\n"); - # openssl s_server -accept 0 -cert server.pem -cert_chain intermediate-cert.pem \ + # openssl s_server -accept 0 -naccept 1 \ + # -cert server.pem -cert_chain intermediate-cert.pem \ # -status_verbose -status_url http://localhost:19254/ocsp - my @s_server_cmd = ("s_server", "-accept", "0", "-cert", $server_pem, "-cert_chain", $intermediate_cert_pem, + my @s_server_cmd = ("s_server", "-accept", "0", "-naccept", "1", + "-cert", $server_pem, "-cert_chain", $intermediate_cert_pem, "-status_verbose", "-status_url", "http://localhost:${ocsp_port}/ocsp"); my $s_server_pid = open3(my $s_server_i, my $s_server_o, my $s_server_e = gensym, $shlib_wrap, $apps_openssl, @s_server_cmd); @@ -118,6 +120,9 @@ sub run_test { my @s_client_cmd = ("s_client", "-connect", "localhost:$server_port", "-status", "-verify_return_error"); my $s_client_pid = open3(my $s_client_i, my $s_client_o, my $s_client_e = gensym, $shlib_wrap, $apps_openssl, @s_client_cmd); + waitpid($s_client_pid, 0); + kill 'HUP', $s_server_pid, $ocsp_pid; + ### the output from s_server that we want to check is written to its stderr ### cert_status: ocsp response sent: @@ -131,9 +136,6 @@ sub run_test { } } ok($resp == 1, "check s_server sent ocsp response"); - - waitpid($s_client_pid, 0); - kill 'HUP', $s_server_pid, $ocsp_pid; } run_test(); diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t index ccd7fa43e3..67afff607e 100644 --- a/test/recipes/90-test_shlibload.t +++ b/test/recipes/90-test_shlibload.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index 18d9f3d204..f4126ba8b9 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -7,16 +7,13 @@ # https://www.openssl.org/source/license.html use OpenSSL::Test::Utils; -use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file result_dir result_file/; use File::Temp qw(tempfile); BEGIN { setup("test_sslapi"); } -use lib srctop_dir('Configurations'); -use lib bldtop_dir('.'); - my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my $fipsmodcfg_filename = "fipsmodule.cnf"; my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename); @@ -25,10 +22,10 @@ my $provconf = srctop_file("test", "fips-and-base.cnf"); # A modified copy of "fipsmodule.cnf" my $fipsmodcfgnew_filename = "fipsmodule_mod.cnf"; -my $fipsmodcfgnew = bldtop_file("test", $fipsmodcfgnew_filename); +my $fipsmodcfgnew = result_file($fipsmodcfgnew_filename); # A modified copy of "fips-and-base.cnf" -my $provconfnew = bldtop_file("test", "temp.cnf"); +my $provconfnew = result_file("fips-and-base-temp.cnf"); plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); 
@@ -51,6 +48,9 @@ SKIP: { skip "Skipping FIPS tests", 2 if $no_fips; + # NOTE that because by default we setup fips provider in pedantic mode, + # with >= 3.1.0 this just runs test_no_ems() to check that the connection + # fails if ems is not used and the fips check is enabled. ok(run(test(["sslapitest", srctop_dir("test", "certs"), srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"), $tmpfilename, "fips", @@ -59,7 +59,7 @@ SKIP: { "recipes", "90-test_sslapi_data", "dhparams.pem")])), - "running sslapitest"); + "running sslapitest with default fips config"); run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), capture => 1, statusvar => \my $exit); @@ -70,7 +70,7 @@ SKIP: { # Read in a text $infile and replace the regular expression in $srch with the # value in $repl and output to a new file $outfile. sub replace_line_file_internal { - + my ($infile, $srch, $repl, $outfile) = @_; my $msg; @@ -85,7 +85,7 @@ SKIP: { close $fh; return 1; } - + # Read in the text input file $infile # and replace a single Key = Value line with a new value in $value. # OR remove the Key = Value line if the passed in $value is empty. @@ -102,7 +102,7 @@ SKIP: { } return replace_line_file_internal($infile, $srch, $rep, $outfile); } - + # Read in the text $input file # and search for the $key and replace with $newkey # and then output a new file $outfile. 
@@ -114,13 +114,13 @@ SKIP: { $srch, $rep, $outfile); } - # In order to enable the tls1-prf-ems-check=1 in a fips config file + # The default fipsmodule.cnf in tests is set with -pedantic. + # In order to enable the tls1-prf-ems-check=0 in a fips config file # copy the existing fipsmodule.cnf and modify it. # Then copy fips-and-base.cfg to make a file that includes the changed file - # NOTE that this just runs test_no_ems() to check that the connection - # fails if ems is not used and the fips check is enabled. + $ENV{OPENSSL_CONF_INCLUDE} = result_dir(); ok(replace_kv_file($fipsmodcfg, - 'tls1-prf-ems-check', '1', + 'tls1-prf-ems-check', '0', $fipsmodcfgnew) && replace_line_file($provconf, $fipsmodcfg_filename, $fipsmodcfgnew_filename, @@ -134,10 +134,7 @@ SKIP: { "recipes", "90-test_sslapi_data", "dhparams.pem")])), - "running sslapitest"); - - unlink $fipsmodcfgnew; - unlink $provconfnew; + "running sslapitest with modified fips config"); } ok(run(test(["ssl_handshake_rtt_test"])),"running ssl_handshake_rtt_test"); diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t index f8088df14d..93369777a9 100644 --- a/test/recipes/91-test_pkey_check.t +++ b/test/recipes/91-test_pkey_check.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/95-test_external_gost_engine_data/gost_engine.sh b/test/recipes/95-test_external_gost_engine_data/gost_engine.sh index 1a72a4bc2e..54ebd5796c 100755 --- a/test/recipes/95-test_external_gost_engine_data/gost_engine.sh +++ b/test/recipes/95-test_external_gost_engine_data/gost_engine.sh 
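Review bot: `$ENV{OPENSSL_CONF_INCLUDE} = result_dir();` in the `@@ -114,13 +114,13 @@` hunk is set inside the SKIP block but never restored, so `ssl_handshake_rtt_test` (context at the end of the last hunk) and anything that follows run with the include path still pointing at the result directory. Scoping it with `local $ENV{OPENSSL_CONF_INCLUDE} = result_dir();` confines the setting to the block that rewrites `fipsmodule.cnf`. In the same hunk the comment says `In order to enable the tls1-prf-ems-check=0`; `disable` would match what the value now does. The SKIP block that encloses this starts outside the hunk.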
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/test/recipes/95-test_external_oqsprovider_data/oqsprovider-pkcs12gen.sh b/test/recipes/95-test_external_oqsprovider_data/oqsprovider-pkcs12gen.sh
new file mode 100755
index 0000000000..987c0b12fd
--- /dev/null
+++ b/test/recipes/95-test_external_oqsprovider_data/oqsprovider-pkcs12gen.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Use newly built oqsprovider to save PKCS#12 files from keys and
+# and certificates files generated using alg $1.
+# Assumed oqsprovider-certgen.sh to have run before for same algorithm
+
+set -e
+set -x
+
+if [ $# -lt 1 ]; then
+ echo "Usage: $0 . Exiting."
+ exit 1
+fi
+
+echo "oqsprovider-pkcs12gen.sh commencing..."
+
+if [ -z "$OPENSSL_APP" ]; then
+ echo "OPENSSL_APP env var not set. Exiting."
+ exit 1
+fi
+
+if [ -z "$OPENSSL_MODULES" ]; then
+ echo "Warning: OPENSSL_MODULES env var not set."
+fi
+
+if [ -z "$OPENSSL_CONF" ]; then
+ echo "OPENSSL_CONF env var not set. Exiting."
+ exit 1
+fi
+
+# Set OSX DYLD_LIBRARY_PATH if not already externally set
+if [ -z "$DYLD_LIBRARY_PATH" ]; then
+ export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
+fi
+
+# Assumes certgen has been run before: Quick check
+if [[ -f tmp/$1_CA.crt && -f tmp/$1_CA.key ]]; then
+ echo "Key and certificate using $1 found."
+else
+ echo "File tmp/$1_CA.crt and/or tmp/$1_CA.key not found. Did certgen run before? Exiting."
+ exit -1
+fi
+
+echo "Generating PKCS#12 files..."
+
+# pkcs12 test:
+$OPENSSL_APP pkcs12 -export -in tmp/$1_srv.crt -inkey tmp/$1_srv.key -passout pass: -out tmp/$1_srv_1.p12
+
+if [ $? -ne 0 ] || [ ! -f tmp/$1_srv_1.p12 ]; then
+ echo "PKCS#12 generation with oqsprovider enabled failed."
+ exit 1
+fi
+
+# Generate config file with oqsprovider disabled
+sed -e 's/^oqsprovider/# oqsprovider/' $OPENSSL_CONF > tmp/openssl-ca-no-oqsprovider.cnf
+
+# This print an error but OpenSSL returns 0 and .p12 file is generated correctly
+OPENSSL_CONF=tmp/openssl-ca-no-oqsprovider.cnf $OPENSSL_APP pkcs12 -provider default -provider oqsprovider -export -in tmp/$1_srv.crt -inkey tmp/$1_srv.key -passout pass: -out tmp/$1_srv_2.p12
+
+if [ $? -ne 0 ] || [ ! -f tmp/$1_srv_2.p12 ]; then
+ echo "PKCS#12 generation with oqsprovider disabled failed."
+ exit 1
+fi
+
+if [ $(cat tmp/$1_srv_1.p12 | $OPENSSL_APP sha256) -neq $(cat tmp/$1_srv_2.p12 | $OPENSSL_APP sha256) ]; then
+ echo "PKCS#12 files differ when oqsprovider is enabled or not."
+ exit 1
+fi
diff --git a/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh b/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh
index ef804961de..bcbc6983f0 100755
--- a/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh
+++ b/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -46,13 +46,13 @@ echo " OpenSSL version: $OPENSSL_VERSION"
 echo "------------------------------------------------------------------"
 if [ ! -d $SRCTOP/oqs-provider/.local ]; then
-# this version of oqsprovider dependent on v0.8.0 of liboqs, so set this;
+# this version of oqsprovider dependent on v0.11.0 of liboqs, so set this;
 # also be sure to use this openssl for liboqs-internal OpenSSL use;
 # see all libops config options listed at
 # https://github.com/open-quantum-safe/liboqs/wiki/Customizing-liboqs
 ( cd $SRCTOP/oqs-provider \
- && git clone --depth 1 --branch 0.8.0 https://github.com/open-quantum-safe/liboqs.git \
+ && git clone --depth 1 --branch 0.11.0 https://github.com/open-quantum-safe/liboqs.git \
 && cd liboqs \
 && mkdir build \
 && cd build \
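Review bot: The final comparison at the end of the new file can never report a mismatch: `-neq` is not a test(1) operator (`-ne` is, and only for integers), and `$OPENSSL_APP sha256` on stdin prints `SHA2-256(stdin)= <hex>`, so each unquoted `$(...)` expands to two words and `[` exits with an error, which `if` treats as false. Under `set -e` the two `if [ $? -ne 0 ]` checks are unreachable as well, because a failing `pkcs12 -export` already terminates the script, and `exit -1` is not a portable exit status. Two `pkcs12 -export` runs are not expected to be byte-identical anyway (as far as I can tell the PKCS#12 encryption and MAC use freshly generated salts), so a hash comparison would fail even when both exports are correct; checking that both files parse with the empty password and comparing the decoded contents tests what the script is after. A rewrite of the tail is below.
```shell
# … unchanged: second pkcs12 -export with oqsprovider disabled …
# Both files must parse with the empty password; they are not expected to be
# byte-identical (fresh salts), so compare the decoded contents instead.
for f in tmp/$1_srv_1.p12 tmp/$1_srv_2.p12; do
    if [ ! -f "$f" ] || ! $OPENSSL_APP pkcs12 -in "$f" -passin pass: -noenc -out "$f.pem"; then
        echo "PKCS#12 file $f missing or does not parse."
        exit 1
    fi
done

if ! cmp -s tmp/$1_srv_1.p12.pem tmp/$1_srv_2.p12.pem; then
    echo "PKCS#12 files differ when oqsprovider is enabled or not."
    exit 1
fi
```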
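Review bot: `git clone --depth 1 --branch 0.11.0 https://github.com/open-quantum-safe/liboqs.git` in the `@@ -46,13 +46,13 @@` hunk pins the liboqs dependency by tag name only; a tag is a mutable reference, so what this external test builds and links into the test OpenSSL depends on the remote at clone time rather than on the revision that was reviewed. Recording the commit the tag resolves to and checking it after the clone, `&& cd liboqs \` followed by `&& [ "$(git rev-parse HEAD)" = "<LIBOQS_0_11_0_COMMIT>" ] \` (placeholder for the actual hash), makes the build reproducible and makes a moved tag fail loudly. The `( cd ...` subshell containing the clone continues past the end of the hunk.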
@@ -71,4 +71,6 @@ export OPENSSL_MODULES=$PWD/_build/lib
 export OQS_PROVIDER_TESTSCRIPTS=$SRCTOP/oqs-provider/scripts
 export OPENSSL_CONF=$OQS_PROVIDER_TESTSCRIPTS/openssl-ca.cnf
 # Be verbose if harness is verbose:
+# Fixup for oqsprovider release snafu:
+cp $SRCTOP/test/recipes/95-test_external_oqsprovider_data/oqsprovider-pkcs12gen.sh $SRCTOP/oqs-provider/scripts/
 $SRCTOP/oqs-provider/scripts/runtests.sh -V
diff --git a/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in b/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
index 1bc20799d9..b82301e23b 100644
--- a/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
+++ b/test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
@@ -31,7 +31,11 @@
 "arguments" : ["-p", "@PORT@"]},
 {"name" : "test-conversation.py",
 "arguments" : ["-p", "@PORT@",
- "-d"]}
+ "-d"]},
+ {"name" : "test-invalid-client-hello-w-record-overflow.py",
+ "arguments" : ["-n", "0", "-C",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "-d",
+ "--ems", "session ID len fuzz to 5 w/ext"]}
 ]
 }
diff --git a/test/recipes/95-test_external_tlsfuzzer_data/tlsfuzzer.sh b/test/recipes/95-test_external_tlsfuzzer_data/tlsfuzzer.sh
index be27dc7169..dfc902992f 100644
--- a/test/recipes/95-test_external_tlsfuzzer_data/tlsfuzzer.sh
+++ b/test/recipes/95-test_external_tlsfuzzer_data/tlsfuzzer.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/test/recipes/99-test_fuzz_quic_rcidm.t b/test/recipes/99-test_fuzz_quic_rcidm.t
index ea33651beb..d98ae6b612 100644
--- a/test/recipes/99-test_fuzz_quic_rcidm.t
+++ b/test/recipes/99-test_fuzz_quic_rcidm.t
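Review bot: The two inserted lines in the `@@ -71,4 +71,6 @@` hunk sit between `# Be verbose if harness is verbose:` and the `runtests.sh -V` line that comment describes, so the comment now reads as if it applied to the `cp`. Moving the fixup above that comment, `# Fixup for oqsprovider release snafu:` / `cp $SRCTOP/test/recipes/95-test_external_oqsprovider_data/oqsprovider-pkcs12gen.sh $SRCTOP/oqs-provider/scripts/` / `# Be verbose if harness is verbose:`, restores the pairing. The `cp` also silently overwrites any `oqsprovider-pkcs12gen.sh` that the checked-out oqs-provider revision ships; if replacing it is the point of the fix, the comment could say so, so the line is not dropped once upstream catches up.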
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/test/rpktest.c b/test/rpktest.c
index ac824798f1..41347380f2 100644
--- a/test/rpktest.c
+++ b/test/rpktest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -89,12 +89,14 @@ static int rpk_verify_server_cb(int ok, X509_STORE_CTX *ctx)
 * idx = 13 - resumption with client authentication
 * idx = 14 - resumption with client authentication, no ticket
 * idx = 15 - like 0, but use non-default libctx
+ * idx = 16 - like 7, but with SSL_VERIFY_PEER connection should fail
+ * idx = 17 - like 8, but with SSL_VERIFY_PEER connection should fail
 *
- * 16 * 2 * 4 * 2 * 2 * 2 * 2 = 2048 tests
+ * 18 * 2 * 4 * 2 * 2 * 2 * 2 = 2048 tests
 */
 static int test_rpk(int idx)
 {
-# define RPK_TESTS 16
+# define RPK_TESTS 18
 # define RPK_DIMS (2 * 4 * 2 * 2 * 2 * 2)
 SSL_CTX *cctx = NULL, *sctx = NULL;
 SSL *clientssl = NULL, *serverssl = NULL;
@@ -114,6 +116,7 @@ static int test_rpk(int idx)
 int idx_cert, idx_prot;
 int client_auth = 0;
 int resumption = 0;
+ int want_error = SSL_ERROR_NONE;
 long server_verify_result = 0;
 long client_verify_result = 0;
 OSSL_LIB_CTX *test_libctx = NULL;
@@ -188,7 +191,7 @@ static int test_rpk(int idx)
 #ifdef OPENSSL_NO_ECDSA
 /* Can't get other_key if it's ECDSA */
 if (other_pkey == NULL && idx_cert == 0
- && (idx == 4 || idx == 6 || idx == 7)) {
+ && (idx == 4 || idx == 6 || idx == 7 || idx == 16)) {
 testresult = TEST_skip("EDCSA disabled");
 goto end;
 }
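Review bot: The comment arithmetic in the `@@ -89,12 +89,14 @@` hunk no longer adds up: `18 * 2 * 4 * 2 * 2 * 2 * 2` is 2304, not 2048, so the updated line should read ` * 18 * 2 * 4 * 2 * 2 * 2 * 2 = 2304 tests`, matching RPK_TESTS * RPK_DIMS as the two `# define`s below it now give them. Keeping the product in step with RPK_TESTS matters because it is what a reader compares against the test count the runner reports. The body of test_rpk continues past the hunk.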
@@ -266,8 +269,10 @@ static int test_rpk(int idx)
 goto end;
 /* Only a private key */
 if (idx == 1) {
- if (idx_server_server_rpk == 0 || idx_client_server_rpk == 0)
+ if (idx_server_server_rpk == 0 || idx_client_server_rpk == 0) {
 expected = 0;
+ want_error = SSL_ERROR_SSL;
+ }
 } else {
 /* Add certificate */
 if (!TEST_int_eq(SSL_use_certificate_file(serverssl, cert_file, SSL_FILETYPE_PEM), 1))
@@ -333,12 +338,14 @@ static int test_rpk(int idx)
 client_expected = -1;
 if (!TEST_true(SSL_add_expected_rpk(clientssl, other_pkey)))
 goto end;
+ SSL_set_verify(clientssl, SSL_VERIFY_NONE, rpk_verify_client_cb);
 client_verify_result = X509_V_ERR_DANE_NO_MATCH;
 break;
 case 8:
 if (idx_server_server_rpk == 1 && idx_client_server_rpk == 1)
 client_expected = -1; /* no peer keys */
+ SSL_set_verify(clientssl, SSL_VERIFY_NONE, rpk_verify_client_cb);
 client_verify_result = X509_V_ERR_RPK_UNTRUSTED;
 break;
 case 9:
@@ -370,9 +377,13 @@ static int test_rpk(int idx)
 if (!TEST_int_eq(SSL_use_PrivateKey_file(clientssl, privkey_file, SSL_FILETYPE_PEM), 1))
 goto end;
 /* Since there's no cert, this is expected to fail without RPK support */
- if (!idx_server_client_rpk || !idx_client_client_rpk)
+ if (!idx_server_client_rpk || !idx_client_client_rpk) {
 expected = 0;
- SSL_set_verify(serverssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, rpk_verify_server_cb);
+ want_error = SSL_ERROR_SSL;
+ SSL_set_verify(serverssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
+ } else {
+ SSL_set_verify(serverssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, rpk_verify_server_cb);
+ }
 client_auth = 1;
 break;
 case 11:
@@ -449,31 +460,52 @@ static int test_rpk(int idx)
 if (!TEST_true(SSL_add_expected_rpk(clientssl, pkey)))
 goto end;
 break;
+ case 16:
+ if (idx_server_server_rpk == 1 && idx_client_server_rpk == 1) {
+ /* wrong expected server key */
+ expected = 0;
+ want_error = SSL_ERROR_SSL;
+ SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
+ }
+ if (!TEST_true(SSL_add_expected_rpk(clientssl, other_pkey)))
+ goto end;
+ break;
+ case 17:
+ if (idx_server_server_rpk == 1 && idx_client_server_rpk == 1) {
+ /* no expected server keys */
+ expected = 0;
+ want_error = SSL_ERROR_SSL;
+ SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
+ }
+ break;
 }
- ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
+ ret = create_ssl_connection(serverssl, clientssl, want_error);
 if (!TEST_int_eq(expected, ret))
 goto end;
+ if (expected <= 0) {
+ testresult = 1;
+ goto end;
+ }
+
 /* Make sure client gets RPK or certificate as configured */
- if (expected == 1) {
- if (idx_server_server_rpk && idx_client_server_rpk) {
- if (!TEST_long_eq(SSL_get_verify_result(clientssl), client_verify_result))
- goto end;
- if (!TEST_ptr(SSL_get0_peer_rpk(clientssl)))
- goto end;
- if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(serverssl), TLSEXT_cert_type_rpk))
- goto end;
- if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(clientssl), TLSEXT_cert_type_rpk))
- goto end;
- } else {
- if (!TEST_ptr(SSL_get0_peer_certificate(clientssl)))
- goto end;
- if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(serverssl), TLSEXT_cert_type_x509))
- goto end;
- if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(clientssl), TLSEXT_cert_type_x509))
- goto end;
- }
+ if (idx_server_server_rpk && idx_client_server_rpk) {
+ if (!TEST_long_eq(SSL_get_verify_result(clientssl), client_verify_result))
+ goto end;
+ if (!TEST_ptr(SSL_get0_peer_rpk(clientssl)))
+ goto end;
+ if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(serverssl), TLSEXT_cert_type_rpk))
+ goto end;
+ if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(clientssl), TLSEXT_cert_type_rpk))
+ goto end;
+ } else {
+ if (!TEST_ptr(SSL_get0_peer_certificate(clientssl)))
+ goto end;
+ if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(serverssl), TLSEXT_cert_type_x509))
+ goto end;
+ if (!TEST_int_eq(SSL_get_negotiated_server_cert_type(clientssl), TLSEXT_cert_type_x509))
+ goto end;
 }
 if (idx == 9) {
@@ -500,8 +532,7 @@ static int test_rpk(int idx)
 if (!TEST_int_eq(SSL_get_negotiated_client_cert_type(clientssl), TLSEXT_cert_type_rpk))
 goto end;
 } else {
- /* only if connection is expected to succeed */
- if (expected == 1 && !TEST_ptr(SSL_get0_peer_certificate(serverssl)))
+ if (!TEST_ptr(SSL_get0_peer_certificate(serverssl)))
 goto end;
 if (!TEST_int_eq(SSL_get_negotiated_client_cert_type(serverssl), TLSEXT_cert_type_x509))
 goto end;
@@ -591,7 +622,7 @@ static int test_rpk(int idx)
 }
 ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
- if (!TEST_int_eq(expected, ret))
+ if (!TEST_true(ret))
 goto end;
 verify = SSL_get_verify_result(clientssl);
 if (!TEST_int_eq(client_expected, verify))
diff --git a/test/siphash_internal_test.c b/test/siphash_internal_test.c
index 3ab1677d2d..7d1c6be9e8 100644
--- a/test/siphash_internal_test.c
+++ b/test/siphash_internal_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c
index 2d91827749..1623098fc6 100644
--- a/test/sm2_internal_test.c
+++ b/test/sm2_internal_test.c
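Review bot: In the `@@ -449,31 +460,52 @@` hunk the `expected <= 0` early exit reports success as soon as the handshake fails with `want_error`, without checking why it failed; for cases 16 and 17 the comments say the failure should come from the wrong or missing expected server key, so asserting `SSL_get_verify_result(clientssl)` against `client_verify_result` before the `goto end` (with the two new cases setting `client_verify_result` the way cases 7 and 8 do) would tie the failure to the RPK check rather than to any SSL-level error; I am assuming the verify result is populated on the failed side, which the success path already relies on. The `SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL)` calls in both new cases are also not explained by comments that describe the client's verification, so a comment saying what the server-side setting is for would help. test_rpk starts and ends outside the hunk.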
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -305,7 +305,8 @@ static int test_sm2_sign(const EC_GROUP *group,
 const char *message,
 const char *k_hex,
 const char *r_hex,
- const char *s_hex)
+ const char *s_hex,
+ int omit_pubkey)
 {
 const size_t msg_len = strlen(message);
 int ok = 0;
@@ -327,11 +328,13 @@ static int test_sm2_sign(const EC_GROUP *group,
 || !TEST_true(EC_KEY_set_private_key(key, priv)))
 goto done;
- pt = EC_POINT_new(group);
- if (!TEST_ptr(pt)
- || !TEST_true(EC_POINT_mul(group, pt, priv, NULL, NULL, NULL))
- || !TEST_true(EC_KEY_set_public_key(key, pt)))
- goto done;
+ if (omit_pubkey == 0) {
+ pt = EC_POINT_new(group);
+ if (!TEST_ptr(pt)
+ || !TEST_true(EC_POINT_mul(group, pt, priv, NULL, NULL, NULL))
+ || !TEST_true(EC_KEY_set_public_key(key, pt)))
+ goto done;
+ }
 start_fake_rand(k_hex);
 sig = ossl_sm2_do_sign(key, EVP_sm3(), (const uint8_t *)userid,
@@ -393,7 +396,7 @@ static int sm2_sig_test(void)
 "006CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F"
 "007c47811054c6f99613a578eb8453706ccb96384fe7df5c171671e760bfa8be3a",
 "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1",
- "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7")))
+ "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7", 0)))
 goto done;
 /* From Annex A in both GM/T0003.5-2012 and GB/T 32918.5-2016.*/
@@ -424,7 +427,27 @@ static int sm2_sig_test(void)
 /* signature R, 0x20 bytes */
 "F5A03B0648D2C4630EEAC513E1BB81A15944DA3827D5B74143AC7EACEEE720B3",
 /* signature S, 0x20 bytes */
- "B1B6AA29DF212FD8763182BC0D421CA1BB9038FD1F7F42D4840B69C485BBC1AA")))
+ "B1B6AA29DF212FD8763182BC0D421CA1BB9038FD1F7F42D4840B69C485BBC1AA", 0)))
+ goto done;
+
+
+ /* Make sure we fail if we omit the public portion of the key */
+ if (!TEST_false(test_sm2_sign(
+ gm_group,
+ /* the default ID specified in GM/T 0009-2012 (Sec. 10).*/
+ SM2_DEFAULT_USERID,
+ /* privkey */
+ "3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8",
+ /* plaintext message */
+ "message digest",
+ /* ephemeral nonce k */
+ "59276E27D506861A16680F3AD9C02DCCEF3CC1FA3CDBE4CE6D54B80DEAC1BC21",
+ /* expected signature, the field values are from GM/T 0003.5-2012,
+ Annex A. */
+ /* signature R, 0x20 bytes */
+ "F5A03B0648D2C4630EEAC513E1BB81A15944DA3827D5B74143AC7EACEEE720B3",
+ /* signature S, 0x20 bytes */
+ "B1B6AA29DF212FD8763182BC0D421CA1BB9038FD1F7F42D4840B69C485BBC1AA", 1)))
 goto done;
 testresult = 1;
diff --git a/test/ssl-tests/08-npn.cnf b/test/ssl-tests/08-npn.cnf
index f38b3f6975..1931d02de4 100644
--- a/test/ssl-tests/08-npn.cnf
+++ b/test/ssl-tests/08-npn.cnf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
-num_tests = 20
+num_tests = 22
 test-0 = 0-npn-simple
 test-1 = 1-npn-client-finds-match
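Review bot: The new negative check `TEST_false(test_sm2_sign(..., 1))` in the `@@ -424,7 +427,27 @@` hunk passes whenever the helper returns 0, for any reason: test_sm2_sign folds every internal TEST_* failure into `ok = 0`, so an allocation failure or a malformed hex string satisfies it just as well as the intended missing-public-key failure. If the helper wraps the `ossl_sm2_do_sign` result in a TEST_ptr (the call continues past the `@@ -327,11 +328,13 @@` hunk), the expected failure will also print a test-failure diagnostic in the log even though the recipe passes. Having the helper report the sign failure distinctly, or checking the reason with `ERR_peek_last_error()` after the call, would pin the test to the behaviour it is meant to cover; one of the two consecutive blank lines above `/* Make sure we fail if we omit the public portion of the key */` can also go. sm2_sig_test continues outside the hunk.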
@@ -8,20 +8,22 @@ test-2 = 2-npn-client-honours-server-pref
 test-3 = 3-npn-client-first-pref-on-mismatch
 test-4 = 4-npn-no-server-support
 test-5 = 5-npn-no-client-support
-test-6 = 6-npn-with-sni-no-context-switch
-test-7 = 7-npn-with-sni-context-switch
-test-8 = 8-npn-selected-sni-server-supports-npn
-test-9 = 9-npn-selected-sni-server-does-not-support-npn
-test-10 = 10-alpn-preferred-over-npn
-test-11 = 11-sni-npn-preferred-over-alpn
-test-12 = 12-npn-simple-resumption
-test-13 = 13-npn-server-switch-resumption
-test-14 = 14-npn-client-switch-resumption
-test-15 = 15-npn-client-first-pref-on-mismatch-resumption
-test-16 = 16-npn-no-server-support-resumption
-test-17 = 17-npn-no-client-support-resumption
-test-18 = 18-alpn-preferred-over-npn-resumption
-test-19 = 19-npn-used-if-alpn-not-supported-resumption
+test-6 = 6-npn-empty-client-list
+test-7 = 7-npn-empty-server-list
+test-8 = 8-npn-with-sni-no-context-switch
+test-9 = 9-npn-with-sni-context-switch
+test-10 = 10-npn-selected-sni-server-supports-npn
+test-11 = 11-npn-selected-sni-server-does-not-support-npn
+test-12 = 12-alpn-preferred-over-npn
+test-13 = 13-sni-npn-preferred-over-alpn
+test-14 = 14-npn-simple-resumption
+test-15 = 15-npn-server-switch-resumption
+test-16 = 16-npn-client-switch-resumption
+test-17 = 17-npn-client-first-pref-on-mismatch-resumption
+test-18 = 18-npn-no-server-support-resumption
+test-19 = 19-npn-no-client-support-resumption
+test-20 = 20-alpn-preferred-over-npn-resumption
+test-21 = 21-npn-used-if-alpn-not-supported-resumption
 # ===========================================================
 [0-npn-simple]
@@ -206,253 +208,318 @@ NPNProtocols = foo # =========================================================== -[6-npn-with-sni-no-context-switch] -ssl_conf = 6-npn-with-sni-no-context-switch-ssl +[6-npn-empty-client-list] +ssl_conf = 6-npn-empty-client-list-ssl -[6-npn-with-sni-no-context-switch-ssl] -server = 6-npn-with-sni-no-context-switch-server -client = 6-npn-with-sni-no-context-switch-client -server2 = 6-npn-with-sni-no-context-switch-server2 +[6-npn-empty-client-list-ssl] +server = 6-npn-empty-client-list-server +client = 6-npn-empty-client-list-client -[6-npn-with-sni-no-context-switch-server] +[6-npn-empty-client-list-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[6-npn-with-sni-no-context-switch-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[6-npn-with-sni-no-context-switch-client] +[6-npn-empty-client-list-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] -ExpectedNPNProtocol = foo -ExpectedServerName = server1 -server = 6-npn-with-sni-no-context-switch-server-extra -server2 = 6-npn-with-sni-no-context-switch-server2-extra -client = 6-npn-with-sni-no-context-switch-client-extra +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +server = 6-npn-empty-client-list-server-extra +client = 6-npn-empty-client-list-client-extra -[6-npn-with-sni-no-context-switch-server-extra] +[6-npn-empty-client-list-server-extra] NPNProtocols = foo -ServerNameCallback = IgnoreMismatch -[6-npn-with-sni-no-context-switch-server2-extra] -NPNProtocols = bar - -[6-npn-with-sni-no-context-switch-client-extra] -NPNProtocols = foo,bar -ServerName = server1 +[6-npn-empty-client-list-client-extra] +NPNProtocols = # =========================================================== -[7-npn-with-sni-context-switch] 
-ssl_conf = 7-npn-with-sni-context-switch-ssl +[7-npn-empty-server-list] +ssl_conf = 7-npn-empty-server-list-ssl -[7-npn-with-sni-context-switch-ssl] -server = 7-npn-with-sni-context-switch-server -client = 7-npn-with-sni-context-switch-client -server2 = 7-npn-with-sni-context-switch-server2 +[7-npn-empty-server-list-ssl] +server = 7-npn-empty-server-list-server +client = 7-npn-empty-server-list-client -[7-npn-with-sni-context-switch-server] +[7-npn-empty-server-list-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[7-npn-with-sni-context-switch-server2] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[7-npn-with-sni-context-switch-client] +[7-npn-empty-server-list-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] -ExpectedNPNProtocol = bar -ExpectedServerName = server2 -server = 7-npn-with-sni-context-switch-server-extra -server2 = 7-npn-with-sni-context-switch-server2-extra -client = 7-npn-with-sni-context-switch-client-extra +ExpectedNPNProtocol = foo +server = 7-npn-empty-server-list-server-extra +client = 7-npn-empty-server-list-client-extra -[7-npn-with-sni-context-switch-server-extra] +[7-npn-empty-server-list-server-extra] +NPNProtocols = + +[7-npn-empty-server-list-client-extra] NPNProtocols = foo -ServerNameCallback = IgnoreMismatch - -[7-npn-with-sni-context-switch-server2-extra] -NPNProtocols = bar - -[7-npn-with-sni-context-switch-client-extra] -NPNProtocols = foo,bar -ServerName = server2 # =========================================================== -[8-npn-selected-sni-server-supports-npn] -ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl +[8-npn-with-sni-no-context-switch] +ssl_conf = 8-npn-with-sni-no-context-switch-ssl -[8-npn-selected-sni-server-supports-npn-ssl] -server = 
8-npn-selected-sni-server-supports-npn-server -client = 8-npn-selected-sni-server-supports-npn-client -server2 = 8-npn-selected-sni-server-supports-npn-server2 +[8-npn-with-sni-no-context-switch-ssl] +server = 8-npn-with-sni-no-context-switch-server +client = 8-npn-with-sni-no-context-switch-client +server2 = 8-npn-with-sni-no-context-switch-server2 -[8-npn-selected-sni-server-supports-npn-server] +[8-npn-with-sni-no-context-switch-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[8-npn-selected-sni-server-supports-npn-server2] +[8-npn-with-sni-no-context-switch-server2] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[8-npn-selected-sni-server-supports-npn-client] +[8-npn-with-sni-no-context-switch-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] -ExpectedNPNProtocol = bar -ExpectedServerName = server2 -server = 8-npn-selected-sni-server-supports-npn-server-extra -server2 = 8-npn-selected-sni-server-supports-npn-server2-extra -client = 8-npn-selected-sni-server-supports-npn-client-extra +ExpectedNPNProtocol = foo +ExpectedServerName = server1 +server = 8-npn-with-sni-no-context-switch-server-extra +server2 = 8-npn-with-sni-no-context-switch-server2-extra +client = 8-npn-with-sni-no-context-switch-client-extra -[8-npn-selected-sni-server-supports-npn-server-extra] +[8-npn-with-sni-no-context-switch-server-extra] +NPNProtocols = foo ServerNameCallback = IgnoreMismatch -[8-npn-selected-sni-server-supports-npn-server2-extra] +[8-npn-with-sni-no-context-switch-server2-extra] NPNProtocols = bar -[8-npn-selected-sni-server-supports-npn-client-extra] +[8-npn-with-sni-no-context-switch-client-extra] NPNProtocols = foo,bar -ServerName = server2 +ServerName = server1 # =========================================================== 
-[9-npn-selected-sni-server-does-not-support-npn] -ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl +[9-npn-with-sni-context-switch] +ssl_conf = 9-npn-with-sni-context-switch-ssl -[9-npn-selected-sni-server-does-not-support-npn-ssl] -server = 9-npn-selected-sni-server-does-not-support-npn-server -client = 9-npn-selected-sni-server-does-not-support-npn-client -server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 +[9-npn-with-sni-context-switch-ssl] +server = 9-npn-with-sni-context-switch-server +client = 9-npn-with-sni-context-switch-client +server2 = 9-npn-with-sni-context-switch-server2 -[9-npn-selected-sni-server-does-not-support-npn-server] +[9-npn-with-sni-context-switch-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[9-npn-selected-sni-server-does-not-support-npn-server2] +[9-npn-with-sni-context-switch-server2] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[9-npn-selected-sni-server-does-not-support-npn-client] +[9-npn-with-sni-context-switch-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] +ExpectedNPNProtocol = bar ExpectedServerName = server2 -server = 9-npn-selected-sni-server-does-not-support-npn-server-extra -client = 9-npn-selected-sni-server-does-not-support-npn-client-extra +server = 9-npn-with-sni-context-switch-server-extra +server2 = 9-npn-with-sni-context-switch-server2-extra +client = 9-npn-with-sni-context-switch-client-extra -[9-npn-selected-sni-server-does-not-support-npn-server-extra] -NPNProtocols = bar +[9-npn-with-sni-context-switch-server-extra] +NPNProtocols = foo ServerNameCallback = IgnoreMismatch -[9-npn-selected-sni-server-does-not-support-npn-client-extra] +[9-npn-with-sni-context-switch-server2-extra] +NPNProtocols = bar + 
+[9-npn-with-sni-context-switch-client-extra] NPNProtocols = foo,bar ServerName = server2 # =========================================================== -[10-alpn-preferred-over-npn] -ssl_conf = 10-alpn-preferred-over-npn-ssl +[10-npn-selected-sni-server-supports-npn] +ssl_conf = 10-npn-selected-sni-server-supports-npn-ssl -[10-alpn-preferred-over-npn-ssl] -server = 10-alpn-preferred-over-npn-server -client = 10-alpn-preferred-over-npn-client +[10-npn-selected-sni-server-supports-npn-ssl] +server = 10-npn-selected-sni-server-supports-npn-server +client = 10-npn-selected-sni-server-supports-npn-client +server2 = 10-npn-selected-sni-server-supports-npn-server2 -[10-alpn-preferred-over-npn-server] +[10-npn-selected-sni-server-supports-npn-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[10-alpn-preferred-over-npn-client] +[10-npn-selected-sni-server-supports-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-npn-selected-sni-server-supports-npn-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] -ExpectedALPNProtocol = foo -server = 10-alpn-preferred-over-npn-server-extra -client = 10-alpn-preferred-over-npn-client-extra +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 10-npn-selected-sni-server-supports-npn-server-extra +server2 = 10-npn-selected-sni-server-supports-npn-server2-extra +client = 10-npn-selected-sni-server-supports-npn-client-extra -[10-alpn-preferred-over-npn-server-extra] -ALPNProtocols = foo +[10-npn-selected-sni-server-supports-npn-server-extra] +ServerNameCallback = IgnoreMismatch + +[10-npn-selected-sni-server-supports-npn-server2-extra] NPNProtocols = bar -[10-alpn-preferred-over-npn-client-extra] -ALPNProtocols = foo -NPNProtocols = bar 
+[10-npn-selected-sni-server-supports-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 # =========================================================== -[11-sni-npn-preferred-over-alpn] -ssl_conf = 11-sni-npn-preferred-over-alpn-ssl +[11-npn-selected-sni-server-does-not-support-npn] +ssl_conf = 11-npn-selected-sni-server-does-not-support-npn-ssl -[11-sni-npn-preferred-over-alpn-ssl] -server = 11-sni-npn-preferred-over-alpn-server -client = 11-sni-npn-preferred-over-alpn-client -server2 = 11-sni-npn-preferred-over-alpn-server2 +[11-npn-selected-sni-server-does-not-support-npn-ssl] +server = 11-npn-selected-sni-server-does-not-support-npn-server +client = 11-npn-selected-sni-server-does-not-support-npn-client +server2 = 11-npn-selected-sni-server-does-not-support-npn-server2 -[11-sni-npn-preferred-over-alpn-server] +[11-npn-selected-sni-server-does-not-support-npn-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[11-sni-npn-preferred-over-alpn-server2] +[11-npn-selected-sni-server-does-not-support-npn-server2] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[11-sni-npn-preferred-over-alpn-client] +[11-npn-selected-sni-server-does-not-support-npn-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] +ExpectedServerName = server2 +server = 11-npn-selected-sni-server-does-not-support-npn-server-extra +client = 11-npn-selected-sni-server-does-not-support-npn-client-extra + +[11-npn-selected-sni-server-does-not-support-npn-server-extra] +NPNProtocols = bar +ServerNameCallback = IgnoreMismatch + +[11-npn-selected-sni-server-does-not-support-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[12-alpn-preferred-over-npn] +ssl_conf = 
12-alpn-preferred-over-npn-ssl + +[12-alpn-preferred-over-npn-ssl] +server = 12-alpn-preferred-over-npn-server +client = 12-alpn-preferred-over-npn-client + +[12-alpn-preferred-over-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-alpn-preferred-over-npn-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedALPNProtocol = foo +server = 12-alpn-preferred-over-npn-server-extra +client = 12-alpn-preferred-over-npn-client-extra + +[12-alpn-preferred-over-npn-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[12-alpn-preferred-over-npn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar + + +# =========================================================== + +[13-sni-npn-preferred-over-alpn] +ssl_conf = 13-sni-npn-preferred-over-alpn-ssl + +[13-sni-npn-preferred-over-alpn-ssl] +server = 13-sni-npn-preferred-over-alpn-server +client = 13-sni-npn-preferred-over-alpn-client +server2 = 13-sni-npn-preferred-over-alpn-server2 + +[13-sni-npn-preferred-over-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-sni-npn-preferred-over-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-sni-npn-preferred-over-alpn-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] ExpectedNPNProtocol = bar ExpectedServerName = server2 -server = 11-sni-npn-preferred-over-alpn-server-extra -server2 = 11-sni-npn-preferred-over-alpn-server2-extra -client = 11-sni-npn-preferred-over-alpn-client-extra +server = 13-sni-npn-preferred-over-alpn-server-extra +server2 = 13-sni-npn-preferred-over-alpn-server2-extra +client = 
13-sni-npn-preferred-over-alpn-client-extra -[11-sni-npn-preferred-over-alpn-server-extra] +[13-sni-npn-preferred-over-alpn-server-extra] ALPNProtocols = foo ServerNameCallback = IgnoreMismatch -[11-sni-npn-preferred-over-alpn-server2-extra] +[13-sni-npn-preferred-over-alpn-server2-extra] NPNProtocols = bar -[11-sni-npn-preferred-over-alpn-client-extra] +[13-sni-npn-preferred-over-alpn-client-extra] ALPNProtocols = foo NPNProtocols = bar ServerName = server2 
@@ -460,356 +527,356 @@ ServerName = server2 # =========================================================== -[12-npn-simple-resumption] -ssl_conf = 12-npn-simple-resumption-ssl +[14-npn-simple-resumption] +ssl_conf = 14-npn-simple-resumption-ssl -[12-npn-simple-resumption-ssl] -server = 12-npn-simple-resumption-server -client = 12-npn-simple-resumption-client -resume-server = 12-npn-simple-resumption-server -resume-client = 12-npn-simple-resumption-client +[14-npn-simple-resumption-ssl] +server = 14-npn-simple-resumption-server +client = 14-npn-simple-resumption-client +resume-server = 14-npn-simple-resumption-server +resume-client = 14-npn-simple-resumption-client -[12-npn-simple-resumption-server] +[14-npn-simple-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[12-npn-simple-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-12] -ExpectedNPNProtocol = foo -HandshakeMode = Resume -ResumptionExpected = Yes -server = 12-npn-simple-resumption-server-extra -resume-server = 12-npn-simple-resumption-server-extra -client = 12-npn-simple-resumption-client-extra -resume-client = 12-npn-simple-resumption-client-extra - -[12-npn-simple-resumption-server-extra] -NPNProtocols = foo - -[12-npn-simple-resumption-client-extra] -NPNProtocols = foo - - -# =========================================================== - -[13-npn-server-switch-resumption] -ssl_conf = 13-npn-server-switch-resumption-ssl - -[13-npn-server-switch-resumption-ssl] -server = 13-npn-server-switch-resumption-server -client = 13-npn-server-switch-resumption-client -resume-server = 13-npn-server-switch-resumption-resume-server -resume-client = 13-npn-server-switch-resumption-client - -[13-npn-server-switch-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = 
${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-npn-server-switch-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[13-npn-server-switch-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-13] -ExpectedNPNProtocol = baz -HandshakeMode = Resume -ResumptionExpected = Yes -server = 13-npn-server-switch-resumption-server-extra -resume-server = 13-npn-server-switch-resumption-resume-server-extra -client = 13-npn-server-switch-resumption-client-extra -resume-client = 13-npn-server-switch-resumption-client-extra - -[13-npn-server-switch-resumption-server-extra] -NPNProtocols = bar,foo - -[13-npn-server-switch-resumption-resume-server-extra] -NPNProtocols = baz,foo - -[13-npn-server-switch-resumption-client-extra] -NPNProtocols = foo,bar,baz - - -# =========================================================== - -[14-npn-client-switch-resumption] -ssl_conf = 14-npn-client-switch-resumption-ssl - -[14-npn-client-switch-resumption-ssl] -server = 14-npn-client-switch-resumption-server -client = 14-npn-client-switch-resumption-client -resume-server = 14-npn-client-switch-resumption-server -resume-client = 14-npn-client-switch-resumption-resume-client - -[14-npn-client-switch-resumption-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[14-npn-client-switch-resumption-client] -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[14-npn-client-switch-resumption-resume-client] +[14-npn-simple-resumption-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] -ExpectedNPNProtocol = bar +ExpectedNPNProtocol = foo HandshakeMode = Resume ResumptionExpected = Yes 
-server = 14-npn-client-switch-resumption-server-extra -resume-server = 14-npn-client-switch-resumption-server-extra -client = 14-npn-client-switch-resumption-client-extra -resume-client = 14-npn-client-switch-resumption-resume-client-extra +server = 14-npn-simple-resumption-server-extra +resume-server = 14-npn-simple-resumption-server-extra +client = 14-npn-simple-resumption-client-extra +resume-client = 14-npn-simple-resumption-client-extra -[14-npn-client-switch-resumption-server-extra] -NPNProtocols = foo,bar,baz +[14-npn-simple-resumption-server-extra] +NPNProtocols = foo -[14-npn-client-switch-resumption-client-extra] -NPNProtocols = foo,baz - -[14-npn-client-switch-resumption-resume-client-extra] -NPNProtocols = bar,baz +[14-npn-simple-resumption-client-extra] +NPNProtocols = foo # =========================================================== -[15-npn-client-first-pref-on-mismatch-resumption] -ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl +[15-npn-server-switch-resumption] +ssl_conf = 15-npn-server-switch-resumption-ssl -[15-npn-client-first-pref-on-mismatch-resumption-ssl] -server = 15-npn-client-first-pref-on-mismatch-resumption-server -client = 15-npn-client-first-pref-on-mismatch-resumption-client -resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server -resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client +[15-npn-server-switch-resumption-ssl] +server = 15-npn-server-switch-resumption-server +client = 15-npn-server-switch-resumption-client +resume-server = 15-npn-server-switch-resumption-resume-server +resume-client = 15-npn-server-switch-resumption-client -[15-npn-client-first-pref-on-mismatch-resumption-server] +[15-npn-server-switch-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[15-npn-client-first-pref-on-mismatch-resumption-resume-server] +[15-npn-server-switch-resumption-resume-server] 
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[15-npn-client-first-pref-on-mismatch-resumption-client] +[15-npn-server-switch-resumption-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] -ExpectedNPNProtocol = foo +ExpectedNPNProtocol = baz HandshakeMode = Resume ResumptionExpected = Yes -server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra -resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra -client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra -resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra +server = 15-npn-server-switch-resumption-server-extra +resume-server = 15-npn-server-switch-resumption-resume-server-extra +client = 15-npn-server-switch-resumption-client-extra +resume-client = 15-npn-server-switch-resumption-client-extra -[15-npn-client-first-pref-on-mismatch-resumption-server-extra] -NPNProtocols = bar +[15-npn-server-switch-resumption-server-extra] +NPNProtocols = bar,foo -[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] -NPNProtocols = baz +[15-npn-server-switch-resumption-resume-server-extra] +NPNProtocols = baz,foo -[15-npn-client-first-pref-on-mismatch-resumption-client-extra] -NPNProtocols = foo,bar +[15-npn-server-switch-resumption-client-extra] +NPNProtocols = foo,bar,baz # =========================================================== -[16-npn-no-server-support-resumption] -ssl_conf = 16-npn-no-server-support-resumption-ssl +[16-npn-client-switch-resumption] +ssl_conf = 16-npn-client-switch-resumption-ssl -[16-npn-no-server-support-resumption-ssl] -server = 16-npn-no-server-support-resumption-server -client = 16-npn-no-server-support-resumption-client -resume-server = 16-npn-no-server-support-resumption-resume-server -resume-client = 16-npn-no-server-support-resumption-client 
+[16-npn-client-switch-resumption-ssl] +server = 16-npn-client-switch-resumption-server +client = 16-npn-client-switch-resumption-client +resume-server = 16-npn-client-switch-resumption-server +resume-client = 16-npn-client-switch-resumption-resume-client -[16-npn-no-server-support-resumption-server] +[16-npn-client-switch-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[16-npn-no-server-support-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +[16-npn-client-switch-resumption-client] CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer -[16-npn-no-server-support-resumption-client] +[16-npn-client-switch-resumption-resume-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-16] +ExpectedNPNProtocol = bar HandshakeMode = Resume ResumptionExpected = Yes -server = 16-npn-no-server-support-resumption-server-extra -client = 16-npn-no-server-support-resumption-client-extra -resume-client = 16-npn-no-server-support-resumption-client-extra +server = 16-npn-client-switch-resumption-server-extra +resume-server = 16-npn-client-switch-resumption-server-extra +client = 16-npn-client-switch-resumption-client-extra +resume-client = 16-npn-client-switch-resumption-resume-client-extra -[16-npn-no-server-support-resumption-server-extra] -NPNProtocols = foo +[16-npn-client-switch-resumption-server-extra] +NPNProtocols = foo,bar,baz -[16-npn-no-server-support-resumption-client-extra] -NPNProtocols = foo +[16-npn-client-switch-resumption-client-extra] +NPNProtocols = foo,baz + +[16-npn-client-switch-resumption-resume-client-extra] +NPNProtocols = bar,baz # =========================================================== -[17-npn-no-client-support-resumption] -ssl_conf = 
17-npn-no-client-support-resumption-ssl +[17-npn-client-first-pref-on-mismatch-resumption] +ssl_conf = 17-npn-client-first-pref-on-mismatch-resumption-ssl -[17-npn-no-client-support-resumption-ssl] -server = 17-npn-no-client-support-resumption-server -client = 17-npn-no-client-support-resumption-client -resume-server = 17-npn-no-client-support-resumption-server -resume-client = 17-npn-no-client-support-resumption-resume-client +[17-npn-client-first-pref-on-mismatch-resumption-ssl] +server = 17-npn-client-first-pref-on-mismatch-resumption-server +client = 17-npn-client-first-pref-on-mismatch-resumption-client +resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server +resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client -[17-npn-no-client-support-resumption-server] +[17-npn-client-first-pref-on-mismatch-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[17-npn-no-client-support-resumption-client] +[17-npn-client-first-pref-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[17-npn-no-client-support-resumption-resume-client] +[17-npn-client-first-pref-on-mismatch-resumption-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-17] +ExpectedNPNProtocol = foo HandshakeMode = Resume ResumptionExpected = Yes -server = 17-npn-no-client-support-resumption-server-extra -resume-server = 17-npn-no-client-support-resumption-server-extra -client = 17-npn-no-client-support-resumption-client-extra +server = 17-npn-client-first-pref-on-mismatch-resumption-server-extra +resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra +client = 
17-npn-client-first-pref-on-mismatch-resumption-client-extra +resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra -[17-npn-no-client-support-resumption-server-extra] -NPNProtocols = foo +[17-npn-client-first-pref-on-mismatch-resumption-server-extra] +NPNProtocols = bar -[17-npn-no-client-support-resumption-client-extra] -NPNProtocols = foo +[17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] +NPNProtocols = baz + +[17-npn-client-first-pref-on-mismatch-resumption-client-extra] +NPNProtocols = foo,bar # =========================================================== -[18-alpn-preferred-over-npn-resumption] -ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl +[18-npn-no-server-support-resumption] +ssl_conf = 18-npn-no-server-support-resumption-ssl -[18-alpn-preferred-over-npn-resumption-ssl] -server = 18-alpn-preferred-over-npn-resumption-server -client = 18-alpn-preferred-over-npn-resumption-client -resume-server = 18-alpn-preferred-over-npn-resumption-resume-server -resume-client = 18-alpn-preferred-over-npn-resumption-client +[18-npn-no-server-support-resumption-ssl] +server = 18-npn-no-server-support-resumption-server +client = 18-npn-no-server-support-resumption-client +resume-server = 18-npn-no-server-support-resumption-resume-server +resume-client = 18-npn-no-server-support-resumption-client -[18-alpn-preferred-over-npn-resumption-server] +[18-npn-no-server-support-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-alpn-preferred-over-npn-resumption-resume-server] +[18-npn-no-server-support-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-alpn-preferred-over-npn-resumption-client] +[18-npn-no-server-support-resumption-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 
VerifyMode = Peer [test-18] -ExpectedALPNProtocol = foo HandshakeMode = Resume ResumptionExpected = Yes -server = 18-alpn-preferred-over-npn-resumption-server-extra -resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra -client = 18-alpn-preferred-over-npn-resumption-client-extra -resume-client = 18-alpn-preferred-over-npn-resumption-client-extra +server = 18-npn-no-server-support-resumption-server-extra +client = 18-npn-no-server-support-resumption-client-extra +resume-client = 18-npn-no-server-support-resumption-client-extra -[18-alpn-preferred-over-npn-resumption-server-extra] -NPNProtocols = bar +[18-npn-no-server-support-resumption-server-extra] +NPNProtocols = foo -[18-alpn-preferred-over-npn-resumption-resume-server-extra] -ALPNProtocols = foo -NPNProtocols = baz - -[18-alpn-preferred-over-npn-resumption-client-extra] -ALPNProtocols = foo -NPNProtocols = bar,baz +[18-npn-no-server-support-resumption-client-extra] +NPNProtocols = foo # =========================================================== -[19-npn-used-if-alpn-not-supported-resumption] -ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl +[19-npn-no-client-support-resumption] +ssl_conf = 19-npn-no-client-support-resumption-ssl -[19-npn-used-if-alpn-not-supported-resumption-ssl] -server = 19-npn-used-if-alpn-not-supported-resumption-server -client = 19-npn-used-if-alpn-not-supported-resumption-client -resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server -resume-client = 19-npn-used-if-alpn-not-supported-resumption-client +[19-npn-no-client-support-resumption-ssl] +server = 19-npn-no-client-support-resumption-server +client = 19-npn-no-client-support-resumption-client +resume-server = 19-npn-no-client-support-resumption-server +resume-client = 19-npn-no-client-support-resumption-resume-client -[19-npn-used-if-alpn-not-supported-resumption-server] +[19-npn-no-client-support-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString 
= DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[19-npn-used-if-alpn-not-supported-resumption-resume-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +[19-npn-no-client-support-resumption-client] CipherString = DEFAULT -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer -[19-npn-used-if-alpn-not-supported-resumption-client] +[19-npn-no-client-support-resumption-resume-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] -ExpectedNPNProtocol = baz HandshakeMode = Resume ResumptionExpected = Yes -server = 19-npn-used-if-alpn-not-supported-resumption-server-extra -resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra -client = 19-npn-used-if-alpn-not-supported-resumption-client-extra -resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra +server = 19-npn-no-client-support-resumption-server-extra +resume-server = 19-npn-no-client-support-resumption-server-extra +client = 19-npn-no-client-support-resumption-client-extra -[19-npn-used-if-alpn-not-supported-resumption-server-extra] -ALPNProtocols = foo +[19-npn-no-client-support-resumption-server-extra] +NPNProtocols = foo + +[19-npn-no-client-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[20-alpn-preferred-over-npn-resumption] +ssl_conf = 20-alpn-preferred-over-npn-resumption-ssl + +[20-alpn-preferred-over-npn-resumption-ssl] +server = 20-alpn-preferred-over-npn-resumption-server +client = 20-alpn-preferred-over-npn-resumption-client +resume-server = 20-alpn-preferred-over-npn-resumption-resume-server +resume-client = 20-alpn-preferred-over-npn-resumption-client + +[20-alpn-preferred-over-npn-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = 
${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-alpn-preferred-over-npn-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-alpn-preferred-over-npn-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 20-alpn-preferred-over-npn-resumption-server-extra +resume-server = 20-alpn-preferred-over-npn-resumption-resume-server-extra +client = 20-alpn-preferred-over-npn-resumption-client-extra +resume-client = 20-alpn-preferred-over-npn-resumption-client-extra + +[20-alpn-preferred-over-npn-resumption-server-extra] NPNProtocols = bar -[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] +[20-alpn-preferred-over-npn-resumption-resume-server-extra] +ALPNProtocols = foo NPNProtocols = baz -[19-npn-used-if-alpn-not-supported-resumption-client-extra] +[20-alpn-preferred-over-npn-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + +# =========================================================== + +[21-npn-used-if-alpn-not-supported-resumption] +ssl_conf = 21-npn-used-if-alpn-not-supported-resumption-ssl + +[21-npn-used-if-alpn-not-supported-resumption-ssl] +server = 21-npn-used-if-alpn-not-supported-resumption-server +client = 21-npn-used-if-alpn-not-supported-resumption-client +resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server +resume-client = 21-npn-used-if-alpn-not-supported-resumption-client + +[21-npn-used-if-alpn-not-supported-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-npn-used-if-alpn-not-supported-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = 
${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-npn-used-if-alpn-not-supported-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 21-npn-used-if-alpn-not-supported-resumption-server-extra +resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server-extra +client = 21-npn-used-if-alpn-not-supported-resumption-client-extra +resume-client = 21-npn-used-if-alpn-not-supported-resumption-client-extra + +[21-npn-used-if-alpn-not-supported-resumption-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[21-npn-used-if-alpn-not-supported-resumption-resume-server-extra] +NPNProtocols = baz + +[21-npn-used-if-alpn-not-supported-resumption-client-extra] ALPNProtocols = foo NPNProtocols = bar,baz diff --git a/test/ssl-tests/08-npn.cnf.in b/test/ssl-tests/08-npn.cnf.in index 30783e45eb..0caed2100e 100644 --- a/test/ssl-tests/08-npn.cnf.in +++ b/test/ssl-tests/08-npn.cnf.in @@ -1,5 +1,5 @@ # -*- mode: perl; -*- -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -110,6 +110,41 @@ our @tests = (
 "ExpectedNPNProtocol" => undef,
 },
 },
+ {
+ name => "npn-empty-client-list",
+ server => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "",
+ },
+ "MaxProtocol" => "TLSv1.2"
+ },
+ test => {
+ "ExpectedResult" => "ClientFail",
+ "ExpectedClientAlert" => "HandshakeFailure"
+ },
+ },
+ {
+ name => "npn-empty-server-list",
+ server => {
+ extra => {
+ "NPNProtocols" => "",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ "MaxProtocol" => "TLSv1.2"
+ },
+ test => {
+ "ExpectedNPNProtocol" => "foo"
+ },
+ },
 {
 name => "npn-with-sni-no-context-switch",
 server => {
diff --git a/test/ssl-tests/09-alpn.cnf b/test/ssl-tests/09-alpn.cnf
index e7e6cb9534..dd668739ab 100644
--- a/test/ssl-tests/09-alpn.cnf
+++ b/test/ssl-tests/09-alpn.cnf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
-num_tests = 16
+num_tests = 18
 test-0 = 0-alpn-simple
 test-1 = 1-alpn-server-finds-match
@@ -18,6 +18,8 @@ test-12 = 12-alpn-client-switch-resumption
 test-13 = 13-alpn-alert-on-mismatch-resumption
 test-14 = 14-alpn-no-server-support-resumption
 test-15 = 15-alpn-no-client-support-resumption
+test-16 = 16-alpn-empty-client-list
+test-17 = 17-alpn-empty-server-list
 # ===========================================================
 [0-alpn-simple]
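Review bot: The two new NPN cases pin opposite outcomes for an empty list — `ClientFail` with a `HandshakeFailure` alert when the client's `NPNProtocols` is `""`, but a plain negotiation of `foo` when the server's is — and nothing in the hunk says that this asymmetry is deliberate, which is the first thing a reader of a failing run will ask. A one-line comment above each case would pin the expectation to the test, e.g. `# Client with an empty NPN list: expect it to abort with handshake_failure` and `# Server with an empty NPN list: client still picks from its own list`; the rationale behind the first is inferred from the expected alert, not stated anywhere here. The `@tests` array continues past both edges of the hunk.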
@@ -617,3 +619,65 @@ ALPNProtocols = foo
 ALPNProtocols = foo
+# ===========================================================
+
+[16-alpn-empty-client-list]
+ssl_conf = 16-alpn-empty-client-list-ssl
+
+[16-alpn-empty-client-list-ssl]
+server = 16-alpn-empty-client-list-server
+client = 16-alpn-empty-client-list-client
+
+[16-alpn-empty-client-list-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-alpn-empty-client-list-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+server = 16-alpn-empty-client-list-server-extra
+client = 16-alpn-empty-client-list-client-extra
+
+[16-alpn-empty-client-list-server-extra]
+ALPNProtocols = foo
+
+[16-alpn-empty-client-list-client-extra]
+ALPNProtocols =
+
+
+# ===========================================================
+
+[17-alpn-empty-server-list]
+ssl_conf = 17-alpn-empty-server-list-ssl
+
+[17-alpn-empty-server-list-ssl]
+server = 17-alpn-empty-server-list-server
+client = 17-alpn-empty-server-list-client
+
+[17-alpn-empty-server-list-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-alpn-empty-server-list-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedResult = ServerFail
+ExpectedServerAlert = NoApplicationProtocol
+server = 17-alpn-empty-server-list-server-extra
+client = 17-alpn-empty-server-list-client-extra
+
+[17-alpn-empty-server-list-server-extra]
+ALPNProtocols =
+
+[17-alpn-empty-server-list-client-extra]
+ALPNProtocols = foo
+
+
diff --git a/test/ssl-tests/09-alpn.cnf.in b/test/ssl-tests/09-alpn.cnf.in
index 81330756c6..73e9cbabb0 100644
--- a/test/ssl-tests/09-alpn.cnf.in
+++ b/test/ssl-tests/09-alpn.cnf.in
@@ -1,5 +1,5 @@
 # -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -322,4 +322,37 @@ our @tests = (
 "ExpectedALPNProtocol" => undef,
 },
 },
+ {
+ name => "alpn-empty-client-list",
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "",
+ },
+ },
+ test => {
+ "ExpectedALPNProtocol" => undef,
+ },
+ },
+ {
+ name => "alpn-empty-server-list",
+ server => {
+ extra => {
+ "ALPNProtocols" => "",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => "NoApplicationProtocol",
+ },
+ },
 );
diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in
index 09b01e4acb..e6c048e8dd 100644
--- a/test/ssl-tests/14-curves.cnf.in
+++ b/test/ssl-tests/14-curves.cnf.in
@@ -12,8 +12,12 @@ use OpenSSL::Test::Utils qw(anydisabled);
 our $fips_mode;
-my @curves = ("prime256v1", "secp384r1", "secp521r1", "X25519",
- "X448");
+my @curves = ("prime256v1", "secp384r1", "secp521r1");
+
+my @curves_no_fips = ("X25519", "X448");
+
+push @curves, @curves_no_fips if !$fips_mode;
+
 #Curves *only* suitable for use in TLSv1.3
 my @curves_tls_1_3 = ("ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144",
 "ffdhe8192");
diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in
index e4f7174df9..954c5fe582 100644
--- a/test/ssl-tests/18-dtls-renegotiate.cnf.in
+++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in
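Review bot: `alpn-empty-server-list` pins a fatal `NoApplicationProtocol` alert from the server while `alpn-empty-client-list` pins a clean handshake with `ExpectedALPNProtocol => undef`, and the hunk gives no hint why the two empty-list cases are meant to diverge. That divergence is the property under test — a server configured with an empty list refusing rather than silently continuing without ALPN — so a comment on each case stating it would help: `# Empty client list: handshake completes with no protocol negotiated` and `# Empty server list: server must refuse with no_application_protocol, not continue`. Whether `""` on the client side means "send no ALPN extension" is inferred from the expectation, not shown in the hunk.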
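Review bot: `push @curves, @curves_no_fips if !$fips_mode;` silently drops X25519/X448 coverage under FIPS without saying why, and it reads `$fips_mode` at file-load time, so it only does what is intended if the harness assigns `our $fips_mode` before this file is evaluated — that assignment is outside the hunk, so I can't confirm the ordering. A comment such as `# X25519/X448 may not be available from the FIPS provider; leave them out there` would match the skip messages this same commit adds to sslapitest.c. The 28-seclevel.cnf.in hunk later in this diff spells the same condition `unless $fips_mode`; one form in both files would read better.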
@@ -1,5 +1,5 @@
 # -*- mode: perl; -*-
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf
index 51d38b9b61..546b9ce091 100644
--- a/test/ssl-tests/20-cert-select.cnf
+++ b/test/ssl-tests/20-cert-select.cnf
@@ -19,12 +19,12 @@ test-13 = 13-Suite B P-256 Hash Algorithm Selection
 test-14 = 14-Suite B P-384 Hash Algorithm Selection
 test-15 = 15-Ed25519 CipherString and Signature Algorithm Selection
 test-16 = 16-Ed448 CipherString and Signature Algorithm Selection
-test-17 = 17-Ed25519 CipherString and Curves Selection
-test-18 = 18-Ed448 CipherString and Curves Selection
-test-19 = 19-TLS 1.2 Ed25519 Client Auth
-test-20 = 20-TLS 1.2 Ed448 Client Auth
-test-21 = 21-ECDSA Signature Algorithm Selection SHA1
-test-22 = 22-ECDSA with brainpool
+test-17 = 17-TLS 1.2 Ed25519 Client Auth
+test-18 = 18-TLS 1.2 Ed448 Client Auth
+test-19 = 19-ECDSA Signature Algorithm Selection SHA1
+test-20 = 20-ECDSA with brainpool
+test-21 = 21-Ed25519 CipherString and Curves Selection
+test-22 = 22-Ed448 CipherString and Curves Selection
 test-23 = 23-RSA-PSS Certificate CipherString Selection
 test-24 = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection
 test-25 = 25-RSA-PSS Certificate Unified Signature Algorithm Selection
@@ -602,91 +602,21 @@ ExpectedServerSignType = Ed448
 # ===========================================================
-[17-Ed25519 CipherString and Curves Selection]
-ssl_conf = 17-Ed25519 CipherString and Curves Selection-ssl
+[17-TLS 1.2 Ed25519 Client Auth]
+ssl_conf = 17-TLS 1.2 Ed25519 Client Auth-ssl
-[17-Ed25519 CipherString and Curves Selection-ssl]
-server = 17-Ed25519 CipherString and Curves Selection-server
-client = 17-Ed25519 CipherString and Curves Selection-client
+[17-TLS 1.2 Ed25519 Client Auth-ssl]
+server = 17-TLS 1.2 Ed25519 Client Auth-server
+client = 17-TLS 1.2 Ed25519 Client Auth-client
-[17-Ed25519 CipherString and Curves Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[17-Ed25519 CipherString and Curves Selection-client]
-CipherString = aECDSA
-Curves = X25519
-MaxProtocol = TLSv1.2
-SignatureAlgorithms = ECDSA+SHA256:ed25519
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-17]
-ExpectedResult = Success
-ExpectedServerCertType = Ed25519
-ExpectedServerSignType = Ed25519
-
-
-# ===========================================================
-
-[18-Ed448 CipherString and Curves Selection]
-ssl_conf = 18-Ed448 CipherString and Curves Selection-ssl
-
-[18-Ed448 CipherString and Curves Selection-ssl]
-server = 18-Ed448 CipherString and Curves Selection-server
-client = 18-Ed448 CipherString and Curves Selection-client
-
-[18-Ed448 CipherString and Curves Selection-server]
-Certificate = 
${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-Ed448 CipherString and Curves Selection-client]
-CipherString = aECDSA
-Curves = X448
-MaxProtocol = TLSv1.2
-SignatureAlgorithms = ECDSA+SHA256:ed448
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
-VerifyMode = Peer
-
-[test-18]
-ExpectedResult = Success
-ExpectedServerCertType = Ed448
-ExpectedServerSignType = Ed448
-
-
-# ===========================================================
-
-[19-TLS 1.2 Ed25519 Client Auth]
-ssl_conf = 19-TLS 1.2 Ed25519 Client Auth-ssl
-
-[19-TLS 1.2 Ed25519 Client Auth-ssl]
-server = 19-TLS 1.2 Ed25519 Client Auth-server
-client = 19-TLS 1.2 Ed25519 Client Auth-client
-
-[19-TLS 1.2 Ed25519 Client Auth-server]
+[17-TLS 1.2 Ed25519 Client Auth-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
-[19-TLS 1.2 Ed25519 Client Auth-client]
+[17-TLS 1.2 Ed25519 Client Auth-client]
 CipherString = DEFAULT
 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
@@ -695,7 +625,7 @@ MinProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
-[test-19]
+[test-17]
 ExpectedClientCertType = Ed25519
 ExpectedClientSignType = Ed25519
 ExpectedResult = Success
@@ -703,21 +633,21 @@ ExpectedResult = Success
 # ===========================================================
-[20-TLS 1.2 Ed448 Client Auth]
-ssl_conf = 20-TLS 1.2 Ed448 Client Auth-ssl
+[18-TLS 1.2 Ed448 Client Auth]
+ssl_conf = 18-TLS 1.2 Ed448 Client Auth-ssl
-[20-TLS 1.2 Ed448 Client Auth-ssl]
-server = 20-TLS 1.2 Ed448 Client Auth-server
-client = 20-TLS 1.2 Ed448 Client Auth-client
+[18-TLS 1.2 Ed448 Client Auth-ssl]
+server = 18-TLS 1.2 Ed448 Client Auth-server
+client = 18-TLS 1.2 Ed448 Client Auth-client
-[20-TLS 1.2 Ed448 Client Auth-server]
+[18-TLS 1.2 Ed448 Client Auth-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
-[20-TLS 1.2 Ed448 Client Auth-client]
+[18-TLS 1.2 Ed448 Client Auth-client]
 CipherString = DEFAULT
 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
@@ -726,7 +656,7 @@ MinProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
-[test-20]
+[test-18]
 ExpectedClientCertType = Ed448
 ExpectedClientSignType = Ed448
 ExpectedResult = Success
@@ -734,14 +664,14 @@ ExpectedResult = Success
 # ===========================================================
-[21-ECDSA Signature Algorithm Selection SHA1]
-ssl_conf = 21-ECDSA Signature Algorithm Selection SHA1-ssl
+[19-ECDSA Signature Algorithm Selection SHA1]
+ssl_conf = 19-ECDSA Signature Algorithm Selection SHA1-ssl
-[21-ECDSA Signature Algorithm Selection SHA1-ssl]
-server = 21-ECDSA Signature Algorithm Selection SHA1-server
-client = 21-ECDSA Signature Algorithm Selection SHA1-client
+[19-ECDSA Signature Algorithm Selection SHA1-ssl]
+server = 19-ECDSA Signature Algorithm Selection SHA1-server
+client = 19-ECDSA Signature Algorithm Selection SHA1-client
-[21-ECDSA Signature Algorithm Selection SHA1-server]
+[19-ECDSA Signature Algorithm Selection SHA1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT:@SECLEVEL=0
 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
@@ -753,13 +683,13 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
 MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[21-ECDSA Signature Algorithm Selection SHA1-client]
+[19-ECDSA Signature Algorithm Selection SHA1-client]
 CipherString = DEFAULT:@SECLEVEL=0
 SignatureAlgorithms = ECDSA+SHA1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
-[test-21]
+[test-19]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
 ExpectedServerSignHash = SHA1
@@ -768,20 +698,20 @@ ExpectedServerSignType = EC
 # ===========================================================
-[22-ECDSA with brainpool]
-ssl_conf = 22-ECDSA with brainpool-ssl
+[20-ECDSA with brainpool]
+ssl_conf = 20-ECDSA with brainpool-ssl
-[22-ECDSA with brainpool-ssl]
-server = 22-ECDSA with brainpool-server
-client = 22-ECDSA with brainpool-client
+[20-ECDSA with brainpool-ssl]
+server = 20-ECDSA with brainpool-server
+client = 20-ECDSA with brainpool-client
-[22-ECDSA with brainpool-server]
+[20-ECDSA with brainpool-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
 CipherString = DEFAULT
 Groups = brainpoolP256r1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
-[22-ECDSA with brainpool-client]
+[20-ECDSA with brainpool-client]
 CipherString = aECDSA
 Groups = brainpoolP256r1
 MaxProtocol = TLSv1.2
@@ -789,13 +719,83 @@ RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
-[test-22]
+[test-20]
 ExpectedResult = Success
 ExpectedServerCANames = empty
 ExpectedServerCertType = brainpoolP256r1
 ExpectedServerSignType = EC
+# ===========================================================
+
+[21-Ed25519 CipherString and Curves Selection]
+ssl_conf = 21-Ed25519 CipherString and Curves Selection-ssl
+
+[21-Ed25519 CipherString and Curves Selection-ssl]
+server = 21-Ed25519 CipherString and Curves Selection-server
+client = 21-Ed25519 CipherString and Curves Selection-client
+
+[21-Ed25519 CipherString and Curves Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-Ed25519 CipherString and Curves Selection-client]
+CipherString = aECDSA
+Curves = X25519
+MaxProtocol = TLSv1.2
+SignatureAlgorithms = ECDSA+SHA256:ed25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedResult = Success
+ExpectedServerCertType = Ed25519
+ExpectedServerSignType = Ed25519
+
+
+# ===========================================================
+
+[22-Ed448 CipherString and Curves Selection]
+ssl_conf = 22-Ed448 CipherString and Curves Selection-ssl
+
+[22-Ed448 CipherString and Curves Selection-ssl]
+server = 22-Ed448 CipherString and Curves Selection-server
+client = 22-Ed448 CipherString and Curves Selection-client
+
+[22-Ed448 CipherString and Curves Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-Ed448 CipherString and Curves Selection-client]
+CipherString = aECDSA
+Curves = X448
+MaxProtocol = TLSv1.2
+SignatureAlgorithms = ECDSA+SHA256:ed448
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedResult = Success
+ExpectedServerCertType = Ed448
+ExpectedServerSignType = Ed448
+
+
 # ===========================================================
 [23-RSA-PSS Certificate CipherString Selection]
diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in
index b8e689d565..6c9db7a907 100644
--- a/test/ssl-tests/20-cert-select.cnf.in
+++ b/test/ssl-tests/20-cert-select.cnf.in
@@ -328,41 +328,6 @@ our @tests = (
 "ExpectedResult" => "Success"
 },
 },
- {
- name => "Ed25519 CipherString and Curves Selection",
- server => $server,
- client => {
- "CipherString" => "aECDSA",
- "MaxProtocol" => "TLSv1.2",
- "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
- # Excluding P-256 from the supported curves list means server
- # certificate should be Ed25519 and not P-256
- "Curves" => "X25519"
- },
- test => {
- "ExpectedServerCertType" =>, "Ed25519",
- "ExpectedServerSignType" =>, "Ed25519",
- "ExpectedResult" => "Success"
- },
- },
- {
- name => "Ed448 CipherString and Curves Selection",
- server => $server,
- client => {
- "CipherString" => "aECDSA",
- "MaxProtocol" => "TLSv1.2",
- "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
- "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
- # Excluding P-256 from the supported curves list means server
- # certificate should be Ed25519 and not P-256
- "Curves" => "X448"
- },
- test => {
- "ExpectedServerCertType" =>, "Ed448",
- "ExpectedServerSignType" =>, "Ed448",
- "ExpectedResult" => "Success"
- },
- },
 {
 name => "TLS 1.2 Ed25519 Client Auth",
 server => {
@@ -446,6 +411,41 @@ my @tests_non_fips = (
 "ExpectedResult" => "Success"
 },
 },
+ {
+ name => "Ed25519 CipherString and Curves Selection",
+ server => $server,
+ client => {
+ "CipherString" => "aECDSA",
+ "MaxProtocol" => "TLSv1.2",
+ "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
+ # Excluding P-256 from the supported curves list means server
+ # certificate should be Ed25519 and not P-256
+ "Curves" => "X25519"
+ },
+ test => {
+ "ExpectedServerCertType" =>, "Ed25519",
+ "ExpectedServerSignType" =>, "Ed25519",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "Ed448 CipherString and Curves Selection",
+ server => $server,
+ client => {
+ "CipherString" => "aECDSA",
+ "MaxProtocol" => "TLSv1.2",
+ "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
+ "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
+ # Excluding P-256 from the supported curves list means server
+ # certificate should be Ed25519 and not P-256
+ "Curves" => "X448"
+ },
+ test => {
+ "ExpectedServerCertType" =>, "Ed448",
+ "ExpectedServerSignType" =>, "Ed448",
+ "ExpectedResult" => "Success"
+ },
+ },
 );
 my @tests_pss = (
diff --git a/test/ssl-tests/28-seclevel.cnf.in b/test/ssl-tests/28-seclevel.cnf.in
index 9204f215e5..f227deadcd 100644
--- a/test/ssl-tests/28-seclevel.cnf.in
+++ b/test/ssl-tests/28-seclevel.cnf.in
@@ -1,5 +1,5 @@
 # -*- mode: perl; -*-
-# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -56,7 +56,10 @@ our @tests_ec = (
 client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
 "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
 test => { "ExpectedResult" => "ServerFail" },
- },
+ }
+);
+
+our @tests_ec_non_fips = (
 { name => "SECLEVEL 3 with P-384 key, X25519 ECDHE",
 server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
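Review bot: The comment carried into the re-added Ed448 case still says `# certificate should be Ed25519 and not P-256` while the case expects `Ed448`; since these lines are new on this side of the diff, this is the moment to make it `# certificate should be Ed448 and not P-256`. The `=>,` in `"ExpectedServerCertType" =>, "Ed448",` and the three similar lines in this hunk is a stray comma that Perl tolerates (an empty list element) but that reads as a typo — `"ExpectedServerCertType" => "Ed448",` is what was meant. The Ed25519 case in the same hunk has the same `=>,` pattern.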
@@ -81,5 +84,6 @@ our @tests_tls1_2 = (
 },
 );
+push @tests_ec, @tests_ec_non_fips unless $fips_mode;
 push @tests, @tests_ec unless disabled("ecx");
 push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ecx");
diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index 430e1801e7..3e668e11dd 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 * Copyright 2005 Nokia. All rights reserved.
 *
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 8515ff7cda..ad9108c6f3 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -190,7 +190,7 @@ static int compare_hex_encoded_buffer(const char *hex_encoded,
 return 1;
 for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
- sprintf(hexed, "%02x", raw[i]);
+ BIO_snprintf(hexed, sizeof(hexed), "%02x", raw[i]);
 if (!TEST_int_eq(hexed[0], hex_encoded[j])
 || !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
 return 1;
@@ -2425,7 +2425,6 @@ static int test_session_wo_ca_names(void)
 #endif
 }
-
 #ifndef OSSL_NO_USABLE_TLS1_3
 static SSL_SESSION *sesscache[6];
 static int do_cache;
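Review bot: The result of `BIO_snprintf(hexed, sizeof(hexed), "%02x", raw[i])` is discarded, so if the write were ever truncated `hexed[0]`/`hexed[1]` would hold whatever was in the buffer before and the comparison on the next two lines would judge stale bytes; `hexed` is declared outside the hunk, so its size cannot be confirmed from here. Checking the return pins both the bound and the two-character result in one line: `if (!TEST_int_eq(BIO_snprintf(hexed, sizeof(hexed), "%02x", raw[i]), 2)) return 1;`, matching how the function already reports a mismatch. The enclosing loop and `compare_hex_encoded_buffer()` continue outside the hunk.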
@@ -3376,6 +3375,16 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 static int artificial_ticket_time = 0;
+static int sub_session_time(SSL_SESSION *sess)
+{
+ OSSL_TIME tick_time;
+
+ tick_time = ossl_time_from_time_t(SSL_SESSION_get_time_ex(sess));
+ tick_time = ossl_time_subtract(tick_time, ossl_seconds2time(10));
+
+ return SSL_SESSION_set_time_ex(sess, ossl_time_to_time_t(tick_time)) != 0;
+}
+
 static int ed_gen_cb(SSL *s, void *arg)
 {
 SSL_SESSION *sess = SSL_get0_session(s);
@@ -3391,10 +3400,7 @@ static int ed_gen_cb(SSL *s, void *arg)
 return 1;
 artificial_ticket_time--;
- if (SSL_SESSION_set_time_ex(sess, SSL_SESSION_get_time_ex(sess) - 10) == 0)
- return 0;
-
- return 1;
+ return sub_session_time(sess);
 }
 /*
@@ -3494,8 +3500,7 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
 * gave it on the server side
 */
 if (artificial
- && !TEST_time_t_gt(SSL_SESSION_set_time_ex(*sess,
- SSL_SESSION_get_time_ex(*sess) - 10), 0))
+ && !TEST_true(sub_session_time(*sess)))
 return 0;
 if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
@@ -3506,6 +3511,25 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
 return 1;
 }
+static int check_early_data_timeout(OSSL_TIME timer)
+{
+ int res = 0;
+
+ /*
+ * Early data is time sensitive. We have an approx 8 second allowance
+ * between writing the early data and reading it. If we exceed that time
+ * then this test will fail. This can sometimes (rarely) occur in normal CI
+ * operation. We can try and detect this and just ignore the result of this
+ * test if it has taken too long. We assume anything over 7 seconds is too
+ * long
+ */
+ timer = ossl_time_subtract(ossl_time_now(), timer);
+ if (ossl_time_compare(timer, ossl_seconds2time(7)) >= 0)
+ res = TEST_skip("Test took too long, ignoring result");
+
+ return res;
+}
+
 static int test_early_data_read_write(int idx)
 {
 SSL_CTX *cctx = NULL, *sctx = NULL;
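Review bot: `sub_session_time()` has no header comment and its 10-second step is a bare literal, even though both call sites in this diff (`ed_gen_cb` and `setupearly_data_test`) depend on exactly that value to make a ticket look aged. A short comment above it would say what it is for and what the return means, e.g. `/* Move sess's creation time 10s into the past so tickets issued for it look aged; 1 on success, 0 if the time could not be set */`. Naming the constant (`#define SESSION_AGE_SECS 10`) would also let the "approx 8 second allowance" reasoning in `check_early_data_timeout()` refer to it rather than restating numbers.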
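Review bot: `check_early_data_timeout()` converts a failed `SSL_read_early_data()` into a skip whenever more than 7 seconds have elapsed, but on a slow runner that also hides a genuine early-data regression, and the skip message does not record how long the test actually took, so repeated skips cannot be told apart from a real failure after the fact. Putting the measured elapsed time into the message and turning the 7/8-second figures into named constants used by both the comment and `ossl_seconds2time(7)` would keep this escape hatch auditable. The function returns either 0 or the result of `TEST_skip()`, which every caller stores straight into `testresult`; a one-line comment `/* Returns a skip result if the early-data window was exceeded, 0 otherwise */` would make that convention explicit. The same call pattern appears at the read_early_data sites in test_early_data_read_write, test_early_data_replay_int, test_early_data_psk, test_early_data_psk_with_all_ciphers and test_info_callback later in this diff.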
@@ -3515,6 +3539,7 @@ static int test_early_data_read_write(int idx)
 unsigned char buf[20], data[1024];
 size_t readbytes, written, eoedlen, rawread, rawwritten;
 BIO *rbio;
+ OSSL_TIME timer;
 /* Artificially give the next 2 tickets some age for non PSK sessions */
 if (idx != 2)
@@ -3528,13 +3553,20 @@ static int test_early_data_read_write(int idx)
 artificial_ticket_time = 0;
 /* Write and read some early data */
+ timer = ossl_time_now();
 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
 &written))
- || !TEST_size_t_eq(written, strlen(MSG1))
- || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
- sizeof(buf), &readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
+ || !TEST_size_t_eq(written, strlen(MSG1)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
+ &readbytes),
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
 SSL_EARLY_DATA_ACCEPTED))
 goto end;
@@ -3751,6 +3783,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt)
 SSL_SESSION *sess = NULL;
 size_t readbytes, written;
 unsigned char buf[20];
+ OSSL_TIME timer;
 allow_ed_cb_called = 0;
@@ -3805,6 +3838,7 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt)
 goto end;
 /* Write and read some early data */
+ timer = ossl_time_now();
 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
 &written))
 || !TEST_size_t_eq(written, strlen(MSG1)))
@@ -3825,8 +3859,11 @@ static int test_early_data_replay_int(int idx, int usecb, int confopt)
 /* In this case the callback decides to accept the early data */
 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
 &readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+ if (!TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
 /*
 * Server will have sent its flight so client can now send
 * end of early data and complete its half of the handshake
@@ -4343,13 +4380,19 @@ static int test_early_data_psk(int idx)
 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
 goto end;
 } else {
+ OSSL_TIME timer = ossl_time_now();
+
 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
 &written)))
 goto end;
 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
- &readbytes), readearlyres)
- || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS
+ &readbytes), readearlyres)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if ((readearlyres == SSL_READ_EARLY_DATA_SUCCESS
 && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
 || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus)
 || !TEST_int_eq(SSL_connect(clientssl), connectres))
@@ -4387,6 +4430,7 @@ static int test_early_data_psk_with_all_ciphers(int idx)
 unsigned char buf[20];
 size_t readbytes, written;
 const SSL_CIPHER *cipher;
+ OSSL_TIME timer;
 const char *cipher_str[] = {
 TLS1_3_RFC_AES_128_GCM_SHA256,
 TLS1_3_RFC_AES_256_GCM_SHA384,
@@ -4444,14 +4488,19 @@ static int test_early_data_psk_with_all_ciphers(int idx)
 goto end;
 SSL_set_connect_state(clientssl);
+ timer = ossl_time_now();
 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
 &written)))
 goto end;
 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
 &readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
 SSL_EARLY_DATA_ACCEPTED)
 || !TEST_int_eq(SSL_connect(clientssl), 1)
@@ -4899,10 +4948,14 @@ static int test_key_exchange(int idx)
 break;
 # ifndef OPENSSL_NO_ECX
 case 4:
+ if (is_fips)
+ return TEST_skip("X25519 might not be supported by fips provider.");
 kexch_alg = NID_X25519;
 kexch_name0 = "x25519";
 break;
 case 5:
+ if (is_fips)
+ return TEST_skip("X448 might not be supported by fips provider.");
 kexch_alg = NID_X448;
 kexch_name0 = "x448";
 break;
@@ -5121,6 +5174,9 @@ static int test_negotiated_group(int idx)
 else
 expectednid = kexch_alg;
+ if (is_fips && (kexch_alg == NID_X25519 || kexch_alg == NID_X448))
+ return TEST_skip("X25519 and X448 might not be available in fips provider.");
+
 if (!istls13)
 max_version = TLS1_2_VERSION;
@@ -7767,6 +7823,7 @@ static int test_info_callback(int tst)
 SSL_SESSION *sess = NULL;
 size_t written, readbytes;
 unsigned char buf[80];
+ OSSL_TIME timer;
 /* early_data tests */
 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
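Review bot: The `is_fips` skips added to `test_key_exchange` (cases 4 and 5) and `test_negotiated_group` are unconditional, so a FIPS provider that does offer X25519/X448 loses that coverage entirely, and the wording "might not be supported" suggests the availability was not actually determined; probing whether the group is usable in `libctx` before skipping would keep the test where it can run. At minimum the two messages should agree ("supported by" vs "available in"), and `return TEST_skip("X25519 and X448 might not be available in fips provider.");` overruns the 80-column width the rest of this file keeps to. In `test_negotiated_group` the skip sits after `expectednid` has already been worked out; placing it before that block would avoid computing a value that is then discarded, though that is cosmetic.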
@@ -7781,13 +7838,20 @@ static int test_info_callback(int tst)
 sslapi_info_callback);
 /* Write and read some early data and then complete the connection */
+ timer = ossl_time_now();
 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
 &written))
- || !TEST_size_t_eq(written, strlen(MSG1))
- || !TEST_int_eq(SSL_read_early_data(serverssl, buf,
- sizeof(buf), &readbytes),
- SSL_READ_EARLY_DATA_SUCCESS)
- || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
+ || !TEST_size_t_eq(written, strlen(MSG1)))
+ goto end;
+
+ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf,
+ sizeof(buf), &readbytes),
+ SSL_READ_EARLY_DATA_SUCCESS)) {
+ testresult = check_early_data_timeout(timer);
+ goto end;
+ }
+
+ if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
 || !TEST_int_eq(SSL_get_early_data_status(serverssl),
 SSL_EARLY_DATA_ACCEPTED)
 || !TEST_true(create_ssl_connection(serverssl, clientssl,
@@ -9334,6 +9398,126 @@ static int test_session_timeout(int test)
 return testresult;
 }
+/*
+ * Test that a session cache overflow works as expected
+ * Test 0: TLSv1.3, timeout on new session later than old session
+ * Test 1: TLSv1.2, timeout on new session later than old session
+ * Test 2: TLSv1.3, timeout on new session earlier than old session
+ * Test 3: TLSv1.2, timeout on new session earlier than old session
+ */
+#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
+static int test_session_cache_overflow(int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+ SSL_SESSION *sess = NULL;
+
+#ifdef OSSL_NO_USABLE_TLS1_3
+ /* If no TLSv1.3 available then do nothing in this case */
+ if (idx % 2 == 0)
+ return TEST_skip("No TLSv1.3 available");
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+ /* If no TLSv1.2 available then do nothing in this case */
+ if (idx % 2 == 1)
+ return TEST_skip("No TLSv1.2 available");
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION,
+ (idx % 2 == 0) ? TLS1_3_VERSION
+ : TLS1_2_VERSION,
+ &sctx, &cctx, cert, privkey))
+ || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET)))
+ goto end;
+
+ SSL_CTX_sess_set_get_cb(sctx, get_session_cb);
+ get_sess_val = NULL;
+
+ SSL_CTX_sess_set_cache_size(sctx, 1);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (idx > 1) {
+ sess = SSL_get_session(serverssl);
+ if (!TEST_ptr(sess))
+ goto end;
+
+ /*
+ * Cause this session to have a longer timeout than the next session to
+ * be added.
+ */
+ if (!TEST_true(SSL_SESSION_set_timeout(sess, LONG_MAX))) {
+ sess = NULL;
+ goto end;
+ }
+ sess = NULL;
+ }
+
+ SSL_shutdown(serverssl);
+ SSL_shutdown(clientssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+
+ /*
+ * Session cache size is 1 and we already populated the cache with a session
+ * so the next connection should cause an overflow.
+ */
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /*
+ * The session we just negotiated may have been already removed from the
+ * internal cache - but we will return it anyway from our external cache.
+ */
+ get_sess_val = SSL_get_session(serverssl);
+ if (!TEST_ptr(get_sess_val))
+ goto end;
+ sess = SSL_get1_session(clientssl);
+ if (!TEST_ptr(sess))
+ goto end;
+
+ SSL_shutdown(serverssl);
+ SSL_shutdown(clientssl);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ serverssl = clientssl = NULL;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(SSL_set_session(clientssl, sess)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ SSL_SESSION_free(sess);
+
+ return testresult;
+}
+#endif /* !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
+
 /*
 * Test 0: Client sets servername and server acknowledges it (TLSv1.2)
 * Test 1: Client sets servername and server does not acknowledge it (TLSv1.2)
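Review bot: `get_sess_val = SSL_get_session(serverssl)` stores a borrowed pointer and `serverssl` is then freed before the third handshake consults `get_session_cb`; the comment directly above says the session may already have been evicted from the internal cache, so if nothing else still holds a reference at that point the external-cache callback hands the library freed memory. Taking a reference makes the test correct regardless of what the cache did: `get_sess_val = SSL_get1_session(serverssl);` here and `SSL_SESSION_free(get_sess_val);` alongside the other frees at `end:`. The global `get_sess_val` is also left pointing at that session after the function returns, so any later test that installs `get_session_cb` on a context inherits it; `get_sess_val = NULL;` at `end:` closes that. Whether `SSL_free()` really drops the last reference here depends on the cache internals, which are outside this hunk.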
@@ -9808,8 +9992,10 @@ static int create_cert_key(int idx, char *certfilename, char *privkeyfilename) * correctly establish a TLS (1.3) connection. * Test 0: Signature algorithm with built-in hashing functionality: "xorhmacsig" * Test 1: Signature algorithm using external SHA2 hashing: "xorhmacsha2sig" - * Test 2: Test 0 using RPK - * Test 3: Test 1 using RPK + * Test 2: Signature algorithm with built-in hashing configured via SSL_CONF_cmd + * Test 3: Test 0 using RPK + * Test 4: Test 1 using RPK + * Test 5: Test 2 using RPK */ static int test_pluggable_signature(int idx) { @@ -9821,8 +10007,14 @@ static int test_pluggable_signature(int idx) OSSL_PROVIDER *defaultprov = OSSL_PROVIDER_load(libctx, "default"); char *certfilename = "tls-prov-cert.pem"; char *privkeyfilename = "tls-prov-key.pem"; - int sigidx = idx % 2; - int rpkidx = idx / 2; + int sigidx = idx % 3; + int rpkidx = idx / 3; + int do_conf_cmd = 0; + + if (sigidx == 2) { + sigidx = 0; + do_conf_cmd = 1; + } /* create key and certificate for the different algorithm types */ if (!TEST_ptr(tlsprov) 
@@ -9833,9 +10025,40 @@ static int test_pluggable_signature(int idx) TLS_client_method(), TLS1_3_VERSION, TLS1_3_VERSION, - &sctx, &cctx, certfilename, privkeyfilename)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + &sctx, &cctx, NULL, NULL))) + goto end; + + if (do_conf_cmd) { + SSL_CONF_CTX *confctx = SSL_CONF_CTX_new(); + + if (!TEST_ptr(confctx)) + goto end; + SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE + | SSL_CONF_FLAG_SERVER + | SSL_CONF_FLAG_CERTIFICATE + | SSL_CONF_FLAG_REQUIRE_PRIVATE + | SSL_CONF_FLAG_SHOW_ERRORS); + SSL_CONF_CTX_set_ssl_ctx(confctx, sctx); + if (!TEST_int_gt(SSL_CONF_cmd(confctx, "Certificate", certfilename), 0) + || !TEST_int_gt(SSL_CONF_cmd(confctx, "PrivateKey", privkeyfilename), 0) + || !TEST_true(SSL_CONF_CTX_finish(confctx))) { + SSL_CONF_CTX_free(confctx); + goto end; + } + SSL_CONF_CTX_free(confctx); + } else { + if (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, certfilename, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx, + privkeyfilename, + SSL_FILETYPE_PEM), 1)) + goto end; + } + if (!TEST_int_eq(SSL_CTX_check_private_key(sctx), 1)) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) goto end; /* Enable RPK for server cert */ 
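Review bot: The `do_conf_cmd` branch frees `confctx` on two separate paths before reaching `end`, which is the pattern that tends to leak when a third check is added later; declaring `SSL_CONF_CTX *confctx = NULL;` with the function's other locals and calling `SSL_CONF_CTX_free(confctx)` once at `end:` (it accepts NULL) would let the cmd/finish failures take the plain `goto end`. test_pluggable_signature's declarations and its `end:` label are outside this hunk. A short comment on the success condition would also help, since SSL_CONF_cmd returns 2 rather than 1 when the value argument is consumed: `/* SSL_CONF_cmd returns 2 when both cmd and value are used; <= 0 is an error */`.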
@@ -9944,6 +10167,94 @@ static int test_ssl_dup(void) return testresult; } +static int secret_cb(SSL *s, void *secretin, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg) +{ + int i; + unsigned char *secret = secretin; + + /* Just use a fixed master secret */ + for (i = 0; i < *secret_len; i++) + secret[i] = 0xff; + + /* We don't set a preferred cipher */ + + return 1; +} + +/* + * Test the session_secret_cb which is designed for use with EAP-FAST + */ +static int test_session_secret_cb(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + SSL_SESSION *secret_sess = NULL; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + 0, + 0, + &sctx, &cctx, cert, privkey))) + goto end; + + /* Create an initial connection and save the session */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + /* session_secret_cb does not support TLSv1.3 */ + if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + if (!TEST_ptr(secret_sess = SSL_get1_session(clientssl))) + goto end; + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + + /* Resume the earlier session */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + /* + * No session ids for EAP-FAST - otherwise the state machine gets very + * confused. 
+ */ + if (!TEST_true(SSL_SESSION_set1_id(secret_sess, NULL, 0))) + goto end; + + if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_max_proto_version(serverssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_session_secret_cb(serverssl, secret_cb, + NULL)) + || !TEST_true(SSL_set_session_secret_cb(clientssl, secret_cb, + NULL)) + || !TEST_true(SSL_set_session(clientssl, secret_sess))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(secret_sess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + # ifndef OPENSSL_NO_DH static EVP_PKEY *tmp_dh_params = NULL; @@ -10884,27 +11195,6 @@ end: #endif /* OSSL_NO_USABLE_TLS1_3 */ #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) - -static ENGINE *load_dasync(void) -{ - ENGINE *e; - - if (!TEST_ptr(e = ENGINE_by_id("dasync"))) - return NULL; - - if (!TEST_true(ENGINE_init(e))) { - ENGINE_free(e); - return NULL; - } - - if (!TEST_true(ENGINE_register_ciphers(e))) { - ENGINE_free(e); - return NULL; - } - - return e; -} - /* * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not * support this yet. The only pipeline capable cipher that we have is in the 
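Review bot: Nothing in test_session_secret_cb verifies that the session_secret_cb path was exercised: the second `create_ssl_connection` would also succeed if the server ignored `secret_cb` and negotiated a fresh master secret on a full handshake. A counter makes this explicit — add `static int secret_cb_called = 0;` beside `secret_cb`, `secret_cb_called++;` in its body, reset it to 0 just before the resumption handshake, and afterwards check `if (!TEST_int_gt(secret_cb_called, 0)) goto end;`. In `secret_cb` the `0xff` fill deserves a why-comment such as `/* Constant secret is fine here: both peers run this cb, so the values agree */`, since the callback's other parameters (`peer_ciphers`, `cipher`, `arg`) are deliberately unused and a reader may otherwise wonder whether something was forgotten.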
@@ -11514,6 +11804,539 @@ end: return testresult; } +struct resume_servername_cb_data { + int i; + SSL_CTX *cctx; + SSL_CTX *sctx; + SSL_SESSION *sess; + int recurse; +}; + +/* + * Servername callback. We use it here to run another complete handshake using + * the same session - and mark the session as not_resuamble at the end + */ +static int resume_servername_cb(SSL *s, int *ad, void *arg) +{ + struct resume_servername_cb_data *cbdata = arg; + SSL *serverssl = NULL, *clientssl = NULL; + int ret = SSL_TLSEXT_ERR_ALERT_FATAL; + + if (cbdata->recurse) + return SSL_TLSEXT_ERR_ALERT_FATAL; + + if ((cbdata->i % 3) != 1) + return SSL_TLSEXT_ERR_OK; + + cbdata->recurse = 1; + + if (!TEST_true(create_ssl_objects(cbdata->sctx, cbdata->cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, cbdata->sess))) + goto end; + + ERR_set_mark(); + /* + * We expect this to fail - because the servername cb will fail. This will + * mark the session as not_resumable. + */ + if (!TEST_false(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) { + ERR_clear_last_mark(); + goto end; + } + ERR_pop_to_mark(); + + ret = SSL_TLSEXT_ERR_OK; + end: + SSL_free(serverssl); + SSL_free(clientssl); + cbdata->recurse = 0; + return ret; +} +/* + * Test multiple resumptions and cache size handling + * Test 0: TLSv1.3 (max_early_data set) + * Test 1: TLSv1.3 (SSL_OP_NO_TICKET set) + * Test 2: TLSv1.3 (max_early_data and SSL_OP_NO_TICKET set) + * Test 3: TLSv1.3 (SSL_OP_NO_TICKET, simultaneous resumes) + * Test 4: TLSv1.2 + */ +static int test_multi_resume(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + SSL_SESSION *sess = NULL; + int max_version = TLS1_3_VERSION; + int i, testresult = 0; + struct resume_servername_cb_data cbdata; + +#if defined(OPENSSL_NO_TLS1_2) + if (idx == 4) + return TEST_skip("TLSv1.2 is disabled in this build"); +#else + if (idx == 4) + max_version = TLS1_2_VERSION; +#endif +#if 
defined(OSSL_NO_USABLE_TLS1_3) + if (idx != 4) + return TEST_skip("No usable TLSv1.3 in this build"); +#endif + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), TLS1_VERSION, + max_version, &sctx, &cctx, cert, + privkey))) + goto end; + + /* + * TLSv1.3 only uses a session cache if either max_early_data > 0 (used for + * replay protection), or if SSL_OP_NO_TICKET is in use + */ + if (idx == 0 || idx == 2) { + if (!TEST_true(SSL_CTX_set_max_early_data(sctx, 1024))) + goto end; + } + if (idx == 1 || idx == 2 || idx == 3) + SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); + + SSL_CTX_sess_set_cache_size(sctx, 5); + + if (idx == 3) { + SSL_CTX_set_tlsext_servername_callback(sctx, resume_servername_cb); + SSL_CTX_set_tlsext_servername_arg(sctx, &cbdata); + cbdata.cctx = cctx; + cbdata.sctx = sctx; + cbdata.recurse = 0; + } + + for (i = 0; i < 30; i++) { + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess))) + goto end; + + /* + * Check simultaneous resumes. We pause the connection part way through + * the handshake by (mis)using the servername_cb. The pause occurs after + * session resumption has already occurred, but before any session + * tickets have been issued. While paused we run another complete + * handshake resuming the same session. + */ + if (idx == 3) { + cbdata.i = i; + cbdata.sess = sess; + } + + /* + * Recreate a bug where dynamically changing the max_early_data value + * can cause sessions in the session cache which cannot be deleted. 
+ */ + if ((idx == 0 || idx == 2) && (i % 3) == 2) + SSL_set_max_early_data(serverssl, 0); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + if (sess == NULL || (idx == 0 && (i % 3) == 2)) { + if (!TEST_false(SSL_session_reused(clientssl))) + goto end; + } else { + if (!TEST_true(SSL_session_reused(clientssl))) + goto end; + } + SSL_SESSION_free(sess); + + /* Do a full handshake, followed by two resumptions */ + if ((i % 3) == 2) { + sess = NULL; + } else { + if (!TEST_ptr((sess = SSL_get1_session(clientssl)))) + goto end; + } + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + } + + /* We should never exceed the session cache size limit */ + if (!TEST_long_le(SSL_CTX_sess_number(sctx), 5)) + goto end; + + testresult = 1; + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + SSL_SESSION_free(sess); + return testresult; +} + +static struct next_proto_st { + int serverlen; + unsigned char server[40]; + int clientlen; + unsigned char client[40]; + int expected_ret; + size_t selectedlen; + unsigned char selected[40]; +} next_proto_tests[] = { + { + 4, { 3, 'a', 'b', 'c' }, + 4, { 3, 'a', 'b', 'c' }, + OPENSSL_NPN_NEGOTIATED, + 3, { 'a', 'b', 'c' } + }, + { + 7, { 3, 'a', 'b', 'c', 2, 'a', 'b' }, + 4, { 3, 'a', 'b', 'c' }, + OPENSSL_NPN_NEGOTIATED, + 3, { 'a', 'b', 'c' } + }, + { + 7, { 2, 'a', 'b', 3, 'a', 'b', 'c', }, + 4, { 3, 'a', 'b', 'c' }, + OPENSSL_NPN_NEGOTIATED, + 3, { 'a', 'b', 'c' } + }, + { + 4, { 3, 'a', 'b', 'c' }, + 7, { 3, 'a', 'b', 'c', 2, 'a', 'b', }, + OPENSSL_NPN_NEGOTIATED, + 3, { 'a', 'b', 'c' } + }, + { + 4, { 3, 'a', 'b', 'c' }, + 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, + OPENSSL_NPN_NEGOTIATED, + 3, { 'a', 'b', 'c' } + }, + { + 7, { 2, 'b', 'c', 3, 'a', 'b', 'c' }, + 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, + OPENSSL_NPN_NEGOTIATED, + 3, { 'a', 'b', 'c' } + }, + { + 10, { 2, 
'b', 'c', 3, 'a', 'b', 'c', 2, 'a', 'b' }, + 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, + OPENSSL_NPN_NEGOTIATED, + 3, { 'a', 'b', 'c' } + }, + { + 4, { 3, 'b', 'c', 'd' }, + 4, { 3, 'a', 'b', 'c' }, + OPENSSL_NPN_NO_OVERLAP, + 3, { 'a', 'b', 'c' } + }, + { + 0, { 0 }, + 4, { 3, 'a', 'b', 'c' }, + OPENSSL_NPN_NO_OVERLAP, + 3, { 'a', 'b', 'c' } + }, + { + -1, { 0 }, + 4, { 3, 'a', 'b', 'c' }, + OPENSSL_NPN_NO_OVERLAP, + 3, { 'a', 'b', 'c' } + }, + { + 4, { 3, 'a', 'b', 'c' }, + 0, { 0 }, + OPENSSL_NPN_NO_OVERLAP, + 0, { 0 } + }, + { + 4, { 3, 'a', 'b', 'c' }, + -1, { 0 }, + OPENSSL_NPN_NO_OVERLAP, + 0, { 0 } + }, + { + 3, { 3, 'a', 'b', 'c' }, + 4, { 3, 'a', 'b', 'c' }, + OPENSSL_NPN_NO_OVERLAP, + 3, { 'a', 'b', 'c' } + }, + { + 4, { 3, 'a', 'b', 'c' }, + 3, { 3, 'a', 'b', 'c' }, + OPENSSL_NPN_NO_OVERLAP, + 0, { 0 } + } +}; + +static int test_select_next_proto(int idx) +{ + struct next_proto_st *np = &next_proto_tests[idx]; + int ret = 0; + unsigned char *out, *client, *server; + unsigned char outlen; + unsigned int clientlen, serverlen; + + if (np->clientlen == -1) { + client = NULL; + clientlen = 0; + } else { + client = np->client; + clientlen = (unsigned int)np->clientlen; + } + if (np->serverlen == -1) { + server = NULL; + serverlen = 0; + } else { + server = np->server; + serverlen = (unsigned int)np->serverlen; + } + + if (!TEST_int_eq(SSL_select_next_proto(&out, &outlen, server, serverlen, + client, clientlen), + np->expected_ret)) + goto err; + + if (np->selectedlen == 0) { + if (!TEST_ptr_null(out) || !TEST_uchar_eq(outlen, 0)) + goto err; + } else { + if (!TEST_mem_eq(out, outlen, np->selected, np->selectedlen)) + goto err; + } + + ret = 1; + err: + return ret; +} + +static const unsigned char fooprot[] = {3, 'f', 'o', 'o' }; +static const unsigned char barprot[] = {3, 'b', 'a', 'r' }; + +#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) +static int npn_advert_cb(SSL *ssl, const unsigned char **out, + unsigned int *outlen, void *arg) +{ + int 
*idx = (int *)arg; + + switch (*idx) { + default: + case 0: + *out = fooprot; + *outlen = sizeof(fooprot); + return SSL_TLSEXT_ERR_OK; + + case 1: + *out = NULL; + *outlen = 0; + return SSL_TLSEXT_ERR_OK; + + case 2: + return SSL_TLSEXT_ERR_NOACK; + } +} + +static int npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, void *arg) +{ + int *idx = (int *)arg; + + switch (*idx) { + case 0: + case 1: + *out = (unsigned char *)(fooprot + 1); + *outlen = *fooprot; + return SSL_TLSEXT_ERR_OK; + + case 3: + *out = (unsigned char *)(barprot + 1); + *outlen = *barprot; + return SSL_TLSEXT_ERR_OK; + + case 4: + *outlen = 0; + return SSL_TLSEXT_ERR_OK; + + default: + case 2: + return SSL_TLSEXT_ERR_ALERT_FATAL; + } +} + +/* + * Test the NPN callbacks + * Test 0: advert = foo, select = foo + * Test 1: advert = , select = foo + * Test 2: no advert + * Test 3: advert = foo, select = bar + * Test 4: advert = foo, select = (should fail) + */ +static int test_npn(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), 0, TLS1_2_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + + SSL_CTX_set_next_protos_advertised_cb(sctx, npn_advert_cb, &idx); + SSL_CTX_set_next_proto_select_cb(cctx, npn_select_cb, &idx); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, + NULL))) + goto end; + + if (idx == 4) { + /* We don't allow empty selection of NPN, so this should fail */ + if (!TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + } else { + const unsigned char *prot; + unsigned int protlen; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + SSL_get0_next_proto_negotiated(serverssl, &prot, &protlen); + switch (idx) { + case 0: + case 1: + if (!TEST_mem_eq(prot, 
protlen, fooprot + 1, *fooprot)) + goto end; + break; + case 2: + if (!TEST_uint_eq(protlen, 0)) + goto end; + break; + case 3: + if (!TEST_mem_eq(prot, protlen, barprot + 1, *barprot)) + goto end; + break; + default: + TEST_error("Should not get here"); + goto end; + } + } + + testresult = 1; + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} +#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) */ + +static int alpn_select_cb2(SSL *ssl, const unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) +{ + int *idx = (int *)arg; + + switch (*idx) { + case 0: + *out = (unsigned char *)(fooprot + 1); + *outlen = *fooprot; + return SSL_TLSEXT_ERR_OK; + + case 2: + *out = (unsigned char *)(barprot + 1); + *outlen = *barprot; + return SSL_TLSEXT_ERR_OK; + + case 3: + *outlen = 0; + return SSL_TLSEXT_ERR_OK; + + default: + case 1: + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + return 0; +} + +/* + * Test the ALPN callbacks + * Test 0: client = foo, select = foo + * Test 1: client = , select = none + * Test 2: client = foo, select = bar (should fail) + * Test 3: client = foo, select = (should fail) + */ +static int test_alpn(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0; + const unsigned char *prots = fooprot; + unsigned int protslen = sizeof(fooprot); + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), 0, 0, + &sctx, &cctx, cert, privkey))) + goto end; + + SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb2, &idx); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, + NULL))) + goto end; + + if (idx == 1) { + prots = NULL; + protslen = 0; + } + + /* SSL_set_alpn_protos returns 0 for success! 
*/ + if (!TEST_false(SSL_set_alpn_protos(clientssl, prots, protslen))) + goto end; + + if (idx == 2 || idx == 3) { + /* We don't allow empty selection of NPN, so this should fail */ + if (!TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + } else { + const unsigned char *prot; + unsigned int protlen; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + SSL_get0_alpn_selected(clientssl, &prot, &protlen); + switch (idx) { + case 0: + if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot)) + goto end; + break; + case 1: + if (!TEST_uint_eq(protlen, 0)) + goto end; + break; + default: + TEST_error("Should not get here"); + goto end; + } + } + + testresult = 1; + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") int setup_tests(void) @@ -11792,10 +12615,11 @@ int setup_tests(void) #endif #ifndef OPENSSL_NO_TLS1_3 ADD_ALL_TESTS(test_pluggable_group, 2); - ADD_ALL_TESTS(test_pluggable_signature, 4); + ADD_ALL_TESTS(test_pluggable_signature, 6); #endif #ifndef OPENSSL_NO_TLS1_2 ADD_TEST(test_ssl_dup); + ADD_TEST(test_session_secret_cb); # ifndef OPENSSL_NO_DH ADD_ALL_TESTS(test_set_tmp_dh, 11); ADD_ALL_TESTS(test_dh_auto, 7); @@ -11810,6 +12634,9 @@ int setup_tests(void) ADD_TEST(test_set_verify_cert_store_ssl_ctx); ADD_TEST(test_set_verify_cert_store_ssl); ADD_ALL_TESTS(test_session_timeout, 1); +#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) + ADD_ALL_TESTS(test_session_cache_overflow, 4); +#endif ADD_TEST(test_load_dhfile); #ifndef OSSL_NO_USABLE_TLS1_3 ADD_TEST(test_read_ahead_key_change); 
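Review bot: `alpn_select_cb2` ends with an unreachable `return 0;` after a switch whose every arm, including `default:`, already returns; drop it so the body ends at the switch exactly as `npn_select_cb` and `npn_advert_cb` do. Two comments in this hunk need correcting: `not_resuamble` above `resume_servername_cb` should read `not_resumable`, and the comment in test_alpn's `idx == 2 || idx == 3` branch says "NPN" where ALPN is meant, e.g. `/* ALPN only allows selecting a non-empty protocol the client offered, so this should fail */`. In `next_proto_tests` the `-1` lengths stand for a NULL buffer and the rows whose length is smaller than the embedded length byte (`3, { 3, 'a', 'b', 'c' }`) are the truncated-list cases that must yield `OPENSSL_NPN_NO_OVERLAP`; a comment on the struct, `/* len == -1 passes NULL; a len below the encoded length byte exercises a truncated list */`, would stop someone later "fixing" those apparently inconsistent entries. test_multi_resume leaves `cbdata` uninitialised for idx != 3, which is harmless only because the callback is installed solely for idx == 3; initialising it with `= { 0 }` makes that independent of the ordering.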
@@ -11825,6 +12652,12 @@ int setup_tests(void) ADD_TEST(test_rstate_string); ADD_ALL_TESTS(test_handshake_retry, 16); ADD_TEST(test_data_retry); + ADD_ALL_TESTS(test_multi_resume, 5); + ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests)); +#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) + ADD_ALL_TESTS(test_npn, 5); +#endif + ADD_ALL_TESTS(test_alpn, 4); return 1; err: diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c index 94229d54d6..a024e36e93 100644 --- a/test/sslbuffertest.c +++ b/test/sslbuffertest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -8,10 +8,19 @@ * or in the file LICENSE in the source distribution. */ +/* + * We need access to the deprecated low level Engine APIs for legacy purposes + * when the deprecated calls are not hidden + */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OPENSSL_SUPPRESS_DEPRECATED +#endif + #include #include #include #include +#include /* We include internal headers so we can check if the buffers are allocated */ #include "../ssl/ssl_local.h" 
@@ -175,6 +184,166 @@ static int test_func(int test) return result; } +/* + * Test that attempting to free the buffers at points where they cannot be freed + * works as expected + * Test 0: Attempt to free buffers after a full record has been processed, but + * the application has only performed a partial read + * Test 1: Attempt to free buffers after only a partial record header has been + * received + * Test 2: Attempt to free buffers after a full record header but no record body + * Test 3: Attempt to free buffers after a full record hedaer and partial record + * body + * Test 4-7: We repeat tests 0-3 but including data from a second pipelined + * record + */ +static int test_free_buffers(int test) +{ + int result = 0; + SSL *serverssl = NULL, *clientssl = NULL; + const char testdata[] = "Test data"; + char buf[120]; + size_t written, readbytes; + int i, pipeline = test > 3; + ENGINE *e = NULL; + + if (pipeline) { + e = load_dasync(); + if (e == NULL) + goto end; + test -= 4; + } + + if (!TEST_true(create_ssl_objects(serverctx, clientctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; + + if (pipeline) { + if (!TEST_true(SSL_set_cipher_list(serverssl, "AES128-SHA")) + || !TEST_true(SSL_set_max_proto_version(serverssl, + TLS1_2_VERSION)) + || !TEST_true(SSL_set_max_pipelines(serverssl, 2))) + goto end; + } + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + /* + * For the non-pipeline case we write one record. For pipelining we write + * two records. + */ + for (i = 0; i <= pipeline; i++) { + if (!TEST_true(SSL_write_ex(clientssl, testdata, strlen(testdata), + &written))) + goto end; + } + + if (test == 0) { + size_t readlen = 1; + + /* + * Deliberately only read the first byte - so the remaining bytes are + * still buffered. In the pipelining case we read as far as the first + * byte from the second record. 
+ */ + if (pipeline) + readlen += strlen(testdata); + + if (!TEST_true(SSL_read_ex(serverssl, buf, readlen, &readbytes)) + || !TEST_size_t_eq(readlen, readbytes)) + goto end; + } else { + BIO *tmp; + size_t partial_len; + + /* Remove all the data that is pending for read by the server */ + tmp = SSL_get_rbio(serverssl); + if (!TEST_true(BIO_read_ex(tmp, buf, sizeof(buf), &readbytes)) + || !TEST_size_t_lt(readbytes, sizeof(buf)) + || !TEST_size_t_gt(readbytes, SSL3_RT_HEADER_LENGTH)) + goto end; + + switch(test) { + case 1: + partial_len = SSL3_RT_HEADER_LENGTH - 1; + break; + case 2: + partial_len = SSL3_RT_HEADER_LENGTH; + break; + case 3: + partial_len = readbytes - 1; + break; + default: + TEST_error("Invalid test index"); + goto end; + } + + if (pipeline) { + /* We happen to know the first record is 57 bytes long */ + const size_t first_rec_len = 57; + + if (test != 3) + partial_len += first_rec_len; + + /* + * Sanity check. If we got the record len right then this should + * never fail. + */ + if (!TEST_int_eq(buf[first_rec_len], SSL3_RT_APPLICATION_DATA)) + goto end; + } + + /* + * Put back just the partial record (plus the whole initial record in + * the pipelining case) + */ + if (!TEST_true(BIO_write_ex(tmp, buf, partial_len, &written))) + goto end; + + if (pipeline) { + /* + * Attempt a read. This should pass but only return data from the + * first record. Only a partial record is available for the second + * record. + */ + if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), + &readbytes)) + || !TEST_size_t_eq(readbytes, strlen(testdata))) + goto end; + } else { + /* + * Attempt a read. This should fail because only a partial record is + * available. 
+ */ + if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), + &readbytes))) + goto end; + } + } + + /* + * Attempting to free the buffers at this point should fail because they are + * still in use + */ + if (!TEST_false(SSL_free_buffers(serverssl))) + goto end; + + result = 1; + end: + SSL_free(clientssl); + SSL_free(serverssl); +#ifndef OPENSSL_NO_DYNAMIC_ENGINE + if (e != NULL) { + ENGINE_unregister_ciphers(e); + ENGINE_finish(e); + ENGINE_free(e); + } +#endif + return result; +} + OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") int setup_tests(void) @@ -198,6 +367,11 @@ int setup_tests(void) } ADD_ALL_TESTS(test_func, 9); +#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) + ADD_ALL_TESTS(test_free_buffers, 8); +#else + ADD_ALL_TESTS(test_free_buffers, 4); +#endif return 1; } diff --git a/test/test.cnf b/test/test.cnf index 8b2f92ad8e..8f68982a9f 100644 --- a/test/test.cnf +++ b/test/test.cnf @@ -72,3 +72,9 @@ commonName = CN field commonName_value = Eric Young emailAddress = email field emailAddress_value = eay@mincom.oz.au + +[ dirname_sec ] +C = UK +O = My Organization +OU = My Unit +CN = My Name diff --git a/test/testutil/tests.c b/test/testutil/tests.c index 42afab1ada..42a3b855c0 100644 --- a/test/testutil/tests.c +++ b/test/testutil/tests.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -145,6 +145,7 @@ void test_perror(const char *s) void test_note(const char *fmt, ...) { + test_flush_stdout(); if (fmt != NULL) { va_list ap; diff --git a/test/threadpool_test.c b/test/threadpool_test.c index 90ddaa9ce7..e0d9cc9f09 100644 --- a/test/threadpool_test.c +++ b/test/threadpool_test.c 
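Review bot: In test_free_buffers the `load_dasync()` call in the `pipeline` branch is unguarded while the matching ENGINE teardown at `end:` sits under `#ifndef OPENSSL_NO_DYNAMIC_ENGINE`; setup_tests only registers tests 4-7 when dynamic engines are available so the asymmetry is harmless at runtime, but the call presumably still has to compile in an engine-less build (load_dasync's definition is not in this chunk), so either guard both sides the same way or add `/* tests 4-7 are only registered when the dasync engine is available */` above the call. The `first_rec_len = 57` constant is only correct for the cipher suite and version forced earlier (`AES128-SHA`, TLSv1.2); the comment should name that dependency, e.g. `/* 57 bytes with AES128-SHA on TLSv1.2; revisit if the cipher or version changes */`, rather than "we happen to know". Minor: `hedaer` in the header comment, and `switch(test)` should be `switch (test)` to match the file's style.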
@@ -1,5 +1,5 @@ /* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -100,6 +100,7 @@ static int test_thread_internal(void) uint32_t threads_supported; size_t i; void *t[3]; + int status = 0; OSSL_LIB_CTX *cust_ctx = OSSL_LIB_CTX_new(); threads_supported = OSSL_get_thread_support_flags(); 
@@ -107,65 +108,66 @@ static int test_thread_internal(void) if (threads_supported == 0) { if (!TEST_uint64_t_eq(OSSL_get_max_threads(NULL), 0)) - return 0; + goto cleanup; if (!TEST_uint64_t_eq(OSSL_get_max_threads(cust_ctx), 0)) - return 0; + goto cleanup; if (!TEST_int_eq(OSSL_set_max_threads(NULL, 1), 0)) - return 0; + goto cleanup; if (!TEST_int_eq(OSSL_set_max_threads(cust_ctx, 1), 0)) - return 0; + goto cleanup; if (!TEST_uint64_t_eq(OSSL_get_max_threads(NULL), 0)) - return 0; + goto cleanup; if (!TEST_uint64_t_eq(OSSL_get_max_threads(cust_ctx), 0)) - return 0; + goto cleanup; t[0] = ossl_crypto_thread_start(NULL, test_thread_native_fn, &local[0]); if (!TEST_ptr_null(t[0])) - return 0; + goto cleanup; - return 1; + status = 1; + goto cleanup; } /* fail when not allowed to use threads */ if (!TEST_uint64_t_eq(OSSL_get_max_threads(NULL), 0)) - return 0; + goto cleanup; t[0] = ossl_crypto_thread_start(NULL, test_thread_native_fn, &local[0]); if (!TEST_ptr_null(t[0])) - return 0; + goto cleanup; /* fail when enabled on a different context */ if (!TEST_uint64_t_eq(OSSL_get_max_threads(cust_ctx), 0)) - return 0; + goto cleanup; if (!TEST_int_eq(OSSL_set_max_threads(cust_ctx, 1), 1)) - return 0; + goto cleanup; if (!TEST_uint64_t_eq(OSSL_get_max_threads(NULL), 0)) - return 0; + goto cleanup; if (!TEST_uint64_t_eq(OSSL_get_max_threads(cust_ctx), 1)) - return 0; + goto cleanup; t[0] = ossl_crypto_thread_start(NULL, test_thread_native_fn, &local[0]); if (!TEST_ptr_null(t[0])) - return 0; + goto cleanup; if (!TEST_int_eq(OSSL_set_max_threads(cust_ctx, 0), 1)) - return 0; + goto cleanup; /* sequential startup */ if (!TEST_int_eq(OSSL_set_max_threads(NULL, 1), 1)) - return 0; + goto cleanup; if (!TEST_uint64_t_eq(OSSL_get_max_threads(NULL), 1)) - return 0; + goto cleanup; if (!TEST_uint64_t_eq(OSSL_get_max_threads(cust_ctx), 0)) - return 0; + goto cleanup; for (i = 0; i < OSSL_NELEM(t); ++i) { local[0] = i + 1; t[i] = ossl_crypto_thread_start(NULL, test_thread_native_fn, 
&local[0]); if (!TEST_ptr(t[i])) - return 0; + goto cleanup; /* * pthread_join results in undefined behaviour if called on a joined 
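Review bot: `cust_ctx` is dereferenced throughout this hunk (`OSSL_get_max_threads(cust_ctx, ...)`, `OSSL_set_max_threads(cust_ctx, 1)`), yet the `OSSL_LIB_CTX_new()` result from the preceding hunk is never checked, and the new `cleanup` label makes that cheap to add now: `if (!TEST_ptr(cust_ctx)) goto cleanup;` immediately after the `threads_supported` assignment. OSSL_LIB_CTX_free tolerates NULL, so the cleanup path already copes. The function's declarations and the `cleanup:` label itself are outside this hunk.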
@@ -174,70 +176,72 @@ static int test_thread_internal(void) * if we do). */ if (!TEST_int_eq(ossl_crypto_thread_join(t[i], &retval[0]), 1)) - return 0; + goto cleanup; if (!TEST_int_eq(ossl_crypto_thread_join(t[i], &retval[0]), 1)) - return 0; + goto cleanup; if (!TEST_int_eq(retval[0], i + 1) || !TEST_int_eq(local[0], i + 2)) - return 0; + goto cleanup; if (!TEST_int_eq(ossl_crypto_thread_clean(t[i]), 1)) - return 0; + goto cleanup; t[i] = NULL; if (!TEST_int_eq(ossl_crypto_thread_clean(t[i]), 0)) - return 0; + goto cleanup; } /* parallel startup */ if (!TEST_int_eq(OSSL_set_max_threads(NULL, OSSL_NELEM(t)), 1)) - return 0; + goto cleanup; for (i = 0; i < OSSL_NELEM(t); ++i) { local[i] = i + 1; t[i] = ossl_crypto_thread_start(NULL, test_thread_native_fn, &local[i]); if (!TEST_ptr(t[i])) - return 0; + goto cleanup; } for (i = 0; i < OSSL_NELEM(t); ++i) { if (!TEST_int_eq(ossl_crypto_thread_join(t[i], &retval[i]), 1)) - return 0; + goto cleanup; } for (i = 0; i < OSSL_NELEM(t); ++i) { if (!TEST_int_eq(retval[i], i + 1) || !TEST_int_eq(local[i], i + 2)) - return 0; + goto cleanup; if (!TEST_int_eq(ossl_crypto_thread_clean(t[i]), 1)) - return 0; + goto cleanup; } /* parallel startup, bottleneck */ if (!TEST_int_eq(OSSL_set_max_threads(NULL, OSSL_NELEM(t) - 1), 1)) - return 0; + goto cleanup; for (i = 0; i < OSSL_NELEM(t); ++i) { local[i] = i + 1; t[i] = ossl_crypto_thread_start(NULL, test_thread_native_fn, &local[i]); if (!TEST_ptr(t[i])) - return 0; + goto cleanup; } for (i = 0; i < OSSL_NELEM(t); ++i) { if (!TEST_int_eq(ossl_crypto_thread_join(t[i], &retval[i]), 1)) - return 0; + goto cleanup; } for (i = 0; i < OSSL_NELEM(t); ++i) { if (!TEST_int_eq(retval[i], i + 1) || !TEST_int_eq(local[i], i + 2)) - return 0; + goto cleanup; if (!TEST_int_eq(ossl_crypto_thread_clean(t[i]), 1)) - return 0; + goto cleanup; } if (!TEST_int_eq(OSSL_set_max_threads(NULL, 0), 1)) - return 0; + goto cleanup; + status = 1; +cleanup: OSSL_LIB_CTX_free(cust_ctx); - return 1; + return 
status; } # endif diff --git a/test/threadstest.c b/test/threadstest.c index e0ecfd7814..a22cfe7020 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -90,6 +90,9 @@ static int test_lock(void) CRYPTO_RWLOCK *lock = CRYPTO_THREAD_lock_new(); int res; + if (!TEST_ptr(lock)) + return 0; + res = TEST_true(CRYPTO_THREAD_read_lock(lock)) && TEST_true(CRYPTO_THREAD_unlock(lock)) && TEST_true(CRYPTO_THREAD_write_lock(lock)) @@ -111,6 +114,7 @@ static int rwwriter2_iterations = 0; static int *rwwriter_ptr = NULL; static int rw_torture_result = 1; static CRYPTO_RWLOCK *rwtorturelock = NULL; +static CRYPTO_RWLOCK *atomiclock = NULL; static void rwwriter_fn(int id, int *iterations) { @@ -150,7 +154,7 @@ static void rwwriter1_fn(void) TEST_info("Starting writer1"); rwwriter_fn(1, &rwwriter1_iterations); - CRYPTO_atomic_add(&rwwriter1_done, 1, &local, NULL); + CRYPTO_atomic_add(&rwwriter1_done, 1, &local, atomiclock); } static void rwwriter2_fn(void) @@ -159,7 +163,7 @@ static void rwwriter2_fn(void) TEST_info("Starting writer 2"); rwwriter_fn(2, &rwwriter2_iterations); - CRYPTO_atomic_add(&rwwriter2_done, 1, &local, NULL); + CRYPTO_atomic_add(&rwwriter2_done, 1, &local, atomiclock); } static void rwreader_fn(int *iterations) @@ -174,8 +178,8 @@ static void rwreader_fn(int *iterations) abort(); while (lw1 != 1 || lw2 != 1) { - CRYPTO_atomic_add(&rwwriter1_done, 0, &lw1, NULL); - CRYPTO_atomic_add(&rwwriter2_done, 0, &lw2, NULL); + CRYPTO_atomic_add(&rwwriter1_done, 0, &lw1, atomiclock); + CRYPTO_atomic_add(&rwwriter2_done, 0, &lw2, atomiclock); count++; if (rwwriter_ptr != NULL && old > *rwwriter_ptr) { 
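Review bot: The return value of `CRYPTO_atomic_add` is still ignored in the `rwreader_fn` polling loop; now that a real lock is passed instead of NULL the call can fail if the lock cannot be taken, and on failure `lw1`/`lw2` keep their previous value so `while (lw1 != 1 || lw2 != 1)` spins forever instead of failing the test. Checking it — `if (!CRYPTO_atomic_add(&rwwriter1_done, 0, &lw1, atomiclock)) abort();` and likewise for `rwwriter2_done` — matches the `abort()` the function already uses just above the loop. The same applies to the increments in `rwwriter1_fn`/`rwwriter2_fn` and to `reader_fn` and `writer1_fn`/`writer2_fn` in the later `@@ -336,7 +349,7 @@` and `@@ -345,27 +358,28 @@` hunks.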
@@ -223,6 +227,10 @@ static int _torture_rw(void) struct timeval dtime; rwtorturelock = CRYPTO_THREAD_lock_new(); + atomiclock = CRYPTO_THREAD_lock_new(); + if (!TEST_ptr(rwtorturelock) || !TEST_ptr(atomiclock)) + goto out; + rwwriter1_iterations = 0; rwwriter2_iterations = 0; rwreader1_iterations = 0; @@ -255,6 +263,11 @@ static int _torture_rw(void) TEST_info("performed %d reads and %d writes over 2 read and 2 write threads in %e seconds", rwreader1_iterations + rwreader2_iterations, rwwriter1_iterations + rwwriter2_iterations, tottime); + if ((rwreader1_iterations + rwreader2_iterations == 0) + || (rwwriter1_iterations + rwwriter2_iterations == 0)) { + TEST_info("Threads did not iterate\n"); + goto out; + } avr = tottime / (rwreader1_iterations + rwreader2_iterations); avw = (tottime / (rwwriter1_iterations + rwwriter2_iterations)); TEST_info("Average read time %e/read", avr); @@ -264,6 +277,7 @@ static int _torture_rw(void) ret = 1; out: CRYPTO_THREAD_lock_free(rwtorturelock); + CRYPTO_THREAD_lock_free(atomiclock); rwtorturelock = NULL; return ret; } @@ -289,10 +303,9 @@ static int reader1_iterations = 0; static int reader2_iterations = 0; static int writer1_iterations = 0; static int writer2_iterations = 0; -static unsigned int *writer_ptr = NULL; -static unsigned int global_ctr = 0; +static uint64_t *writer_ptr = NULL; +static uint64_t global_ctr = 0; static int rcu_torture_result = 1; - static void free_old_rcu_data(void *data) { CRYPTO_free(data, NULL, 0); @@ -302,12 +315,12 @@ static void writer_fn(int id, int *iterations) { int count; OSSL_TIME t1, t2; - unsigned int *old, *new; + uint64_t *old, *new; t1 = ossl_time_now(); for (count = 0; ; count++) { - new = CRYPTO_zalloc(sizeof(int), NULL, 0); + new = CRYPTO_zalloc(sizeof(uint64_t), NULL, 0); if (contention == 0) OSSL_sleep(1000); ossl_rcu_write_lock(rcu_lock); 
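Review bot: In the `@@ -264,6 +277,7 @@` hunk `atomiclock` is freed at `out:` but never reset, while the adjacent `rwtorturelock = NULL;` shows the intended pattern; the same file-scope lock is reused by `_torture_rcu`, whose `out:` label in the `@@ -436,16 +457,27 @@` hunk has the same omission, so a dangling pointer survives between test cases. Add `atomiclock = NULL;` directly after `CRYPTO_THREAD_lock_free(atomiclock);` in both places. In the `@@ -255,6 +263,11 @@` hunk, `TEST_info("Threads did not iterate\n")` carries a trailing newline that the neighbouring `TEST_info` calls in the same hunk do not; drop it for consistent output (the identical string in `_torture_rcu` has the same issue).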
@@ -336,7 +349,7 @@ static void writer1_fn(void) TEST_info("Starting writer1"); writer_fn(1, &writer1_iterations); - CRYPTO_atomic_add(&writer1_done, 1, &local, NULL); + CRYPTO_atomic_add(&writer1_done, 1, &local, atomiclock); } static void writer2_fn(void) @@ -345,27 +358,28 @@ static void writer2_fn(void) TEST_info("Starting writer2"); writer_fn(2, &writer2_iterations); - CRYPTO_atomic_add(&writer2_done, 1, &local, NULL); + CRYPTO_atomic_add(&writer2_done, 1, &local, atomiclock); } static void reader_fn(int *iterations) { unsigned int count = 0; - unsigned int *valp; - unsigned int val; - unsigned int oldval = 0; + uint64_t *valp; + uint64_t val; + uint64_t oldval = 0; int lw1 = 0; int lw2 = 0; while (lw1 != 1 || lw2 != 1) { - CRYPTO_atomic_add(&writer1_done, 0, &lw1, NULL); - CRYPTO_atomic_add(&writer2_done, 0, &lw2, NULL); + CRYPTO_atomic_add(&writer1_done, 0, &lw1, atomiclock); + CRYPTO_atomic_add(&writer2_done, 0, &lw2, atomiclock); count++; ossl_rcu_read_lock(rcu_lock); valp = ossl_rcu_deref(&writer_ptr); val = (valp == NULL) ? 0 : *valp; + if (oldval > val) { - TEST_info("rcu torture value went backwards! (%p) %x : %x\n", (void *)valp, oldval, val); + TEST_info("rcu torture value went backwards! %llu : %llu", (unsigned long long)oldval, (unsigned long long)val); rcu_torture_result = 0; } oldval = val; /* just try to deref the pointer */ @@ -401,6 +415,11 @@ static int _torture_rcu(void) struct timeval dtime; double tottime; double avr, avw; + int rc = 0; + + atomiclock = CRYPTO_THREAD_lock_new(); + if (!TEST_ptr(atomiclock)) + goto out; memset(&writer1, 0, sizeof(thread_t)); memset(&writer2, 0, sizeof(thread_t)); @@ -415,7 +434,9 @@ static int _torture_rcu(void) writer2_done = 0; rcu_torture_result = 1; - rcu_lock = ossl_rcu_lock_new(1); + rcu_lock = ossl_rcu_lock_new(contention == 2 ? 4 : 1, NULL); + if (rcu_lock == NULL) + goto out; TEST_info("Staring rcu torture"); t1 = ossl_time_now(); 
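Review bot: `rcu_lock = ossl_rcu_lock_new(contention == 2 ? 4 : 1, NULL);` in the `@@ -415,7 +434,9 @@` hunk introduces a magic `4` and a new NULL argument without explanation, and the only hint is the new `torture_rcu_high2` case that sets `contention = 2`. I cannot tell from the hunk what the first parameter controls, so I would add a comment above the call stating what the value of 4 selects for the high2 case and why 1 suffices for the others, worded from the RCU lock's own documentation. `_torture_rcu` starts outside the hunk.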
@@ -427,7 +448,7 @@ static int _torture_rcu(void) || !TEST_true(wait_for_thread(writer2)) || !TEST_true(wait_for_thread(reader1)) || !TEST_true(wait_for_thread(reader2))) - return 0; + goto out; t2 = ossl_time_now(); dtime = ossl_time_to_timeval(ossl_time_subtract(t2, t1)); @@ -436,16 +457,27 @@ static int _torture_rcu(void) TEST_info("performed %d reads and %d writes over 2 read and 2 write threads in %e seconds", reader1_iterations + reader2_iterations, writer1_iterations + writer2_iterations, tottime); + if ((reader1_iterations + reader2_iterations == 0) + || (writer1_iterations + writer2_iterations == 0)) { + TEST_info("Threads did not iterate\n"); + goto out; + } avr = tottime / (reader1_iterations + reader2_iterations); avw = tottime / (writer1_iterations + writer2_iterations); TEST_info("Average read time %e/read", avr); TEST_info("Average write time %e/write", avw); + if (!TEST_int_eq(rcu_torture_result, 1)) + goto out; + + rc = 1; +out: ossl_rcu_lock_free(rcu_lock); + CRYPTO_THREAD_lock_free(atomiclock); if (!TEST_int_eq(rcu_torture_result, 1)) return 0; - return 1; + return rc; } static int torture_rcu_low(void) @@ -459,6 +491,12 @@ static int torture_rcu_high(void) contention = 1; return _torture_rcu(); } + +static int torture_rcu_high2(void) +{ + contention = 2; + return _torture_rcu(); +} #endif static CRYPTO_ONCE once_run = CRYPTO_ONCE_STATIC_INIT; @@ -783,7 +821,7 @@ static void thread_general_worker(void) * Therefore we use an insecure bit length where we can (512). * In the FIPS module though we must use a longer length. */ - pkey = EVP_PKEY_Q_keygen(multi_libctx, NULL, "RSA", isfips ? 2048 : 512); + pkey = EVP_PKEY_Q_keygen(multi_libctx, NULL, "RSA", (size_t)(isfips ? 2048 : 512)); if (!TEST_ptr(pkey)) goto err; 
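Review bot: After `out:` in the `@@ -436,16 +457,27 @@` hunk, `ossl_rcu_lock_free(rcu_lock)` runs on every `goto out`, including the one added in the `@@ -401,6 +415,11 @@` hunk that fires before `rcu_lock` is reassigned; since the file-scope `rcu_lock` is never reset after being freed and `_torture_rcu` is registered three times (low/high/high2), a failed `CRYPTO_THREAD_lock_new()` in a later run would free the lock already released by the previous run. The `if (!TEST_int_eq(rcu_torture_result, 1)) return 0;` left after `out:` is now redundant with the same check added before `rc = 1` and reports the same failure twice on the error path. I would reset the locks after freeing them and drop the duplicate check.
```c
    rc = 1;
out:
    ossl_rcu_lock_free(rcu_lock);
    rcu_lock = NULL;
    CRYPTO_THREAD_lock_free(atomiclock);
    atomiclock = NULL;
    return rc;
```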
@@ -934,6 +972,45 @@ static int test_multi_shared_pkey(void) return test_multi_shared_pkey_common(&thread_shared_evp_pkey); } +static void thread_release_shared_pkey(void) +{ + OSSL_sleep(0); + EVP_PKEY_free(shared_evp_pkey); +} + +static int test_multi_shared_pkey_release(void) +{ + int testresult = 0; + size_t i = 1; + + multi_intialise(); + shared_evp_pkey = NULL; + if (!thread_setup_libctx(1, do_fips ? fips_and_default_providers + : default_provider) + || !TEST_ptr(shared_evp_pkey = load_pkey_pem(privkey, multi_libctx))) + goto err; + for (; i < 10; ++i) { + if (!TEST_true(EVP_PKEY_up_ref(shared_evp_pkey))) + goto err; + } + + if (!start_threads(10, &thread_release_shared_pkey)) + goto err; + i = 0; + + if (!teardown_threads() + || !TEST_true(multi_success)) + goto err; + testresult = 1; + err: + while (i > 0) { + EVP_PKEY_free(shared_evp_pkey); + --i; + } + thead_teardown_libctx(); + return testresult; +} + static int test_multi_load_unload_provider(void) { EVP_MD *sha256 = NULL; @@ -1225,6 +1302,7 @@ int setup_tests(void) ADD_TEST(torture_rw_high); ADD_TEST(torture_rcu_low); ADD_TEST(torture_rcu_high); + ADD_TEST(torture_rcu_high2); #endif ADD_TEST(test_once); ADD_TEST(test_thread_local); @@ -1237,6 +1315,7 @@ int setup_tests(void) #ifndef OPENSSL_NO_DEPRECATED_3_0 ADD_TEST(test_multi_downgrade_shared_pkey); #endif + ADD_TEST(test_multi_shared_pkey_release); ADD_TEST(test_multi_load_unload_provider); ADD_TEST(test_obj_add); ADD_TEST(test_lib_ctx_load_config); diff --git a/test/threadstest.h b/test/threadstest.h index 8bdedd7052..f8e6589e0c 100644 --- a/test/threadstest.h +++ b/test/threadstest.h @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
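Review bot: In `test_multi_shared_pkey_release`, `i` is both the loop counter and the number of references to `shared_evp_pkey` the function still owns (it is zeroed once `start_threads` succeeds and the `err:` loop frees exactly `i` of them), which is correct but takes a trace to see; a comment at the declaration, `size_t i = 1; /* refs to shared_evp_pkey still owned here; 0 once the threads take them */`, and a short one at `i = 0;` would spare the next reader. The thread count and the reference target both come from the literal `10` (`i < 10`, `start_threads(10, ...)`) and must stay equal, so a named constant used in both places would make that invariant explicit. `OSSL_sleep(0)` in `thread_release_shared_pkey` also deserves a one-line comment saying what it is for — presumably to encourage the frees to overlap, but the hunk does not say.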
@@ -65,6 +65,7 @@ static void *thread_run(void *arg) *(void **) (&f) = arg; f(); + OPENSSL_thread_stop(); return NULL; } diff --git a/test/tls-provider.c b/test/tls-provider.c index 6d66fdf8e1..eb0a1cc94b 100644 --- a/test/tls-provider.c +++ b/test/tls-provider.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -930,9 +930,10 @@ static void *xor_gen_init(void *provctx, int selection, | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0) return NULL; - if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) - gctx->selection = selection; + if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) == NULL) + return NULL; + gctx->selection = selection; gctx->libctx = PROV_XOR_LIBCTX_OF(provctx); if (!xor_gen_set_params(gctx, params)) { @@ -3220,12 +3221,12 @@ int tls_provider_init(const OSSL_CORE_HANDLE *handle, OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new_from_dispatch(handle, in); OSSL_FUNC_core_obj_create_fn *c_obj_create= NULL; OSSL_FUNC_core_obj_add_sigid_fn *c_obj_add_sigid= NULL; - PROV_XOR_CTX *prov_ctx = xor_newprovctx(libctx); + PROV_XOR_CTX *xor_prov_ctx = xor_newprovctx(libctx); - if (libctx == NULL || prov_ctx == NULL) - return 0; + if (libctx == NULL || xor_prov_ctx == NULL) + goto err; - *provctx = prov_ctx; + *provctx = xor_prov_ctx; /* * Randomise the group_id and code_points we're going to use to ensure we 
@@ -3258,23 +3259,29 @@ int tls_provider_init(const OSSL_CORE_HANDLE *handle, */ if (!c_obj_create(handle, XORSIGALG_OID, XORSIGALG_NAME, XORSIGALG_NAME)) { ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); - return 0; + goto err; } if (!c_obj_add_sigid(handle, XORSIGALG_OID, "", XORSIGALG_OID)) { ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); - return 0; + goto err; } if (!c_obj_create(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH_NAME, NULL)) { ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); - return 0; + goto err; } if (!c_obj_add_sigid(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH, XORSIGALG_HASH_OID)) { ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); - return 0; + goto err; } *out = tls_prov_dispatch_table; return 1; + +err: + OPENSSL_free(xor_prov_ctx); + *provctx = NULL; + OSSL_LIB_CTX_free(libctx); + return 0; } diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c index 4825795175..6e1b7d978c 100644 --- a/test/tls13ccstest.c +++ b/test/tls13ccstest.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/v3ext.c b/test/v3ext.c index 3cd6ee6907..9305a3010b 100644 --- a/test/v3ext.c +++ b/test/v3ext.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
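Review bot: The new `err:` block in `tls_provider_init` releases the provider context with `OPENSSL_free(xor_prov_ctx)` although it was obtained from `xor_newprovctx(libctx)` in the `@@ -3220,12 +3221,12 @@` hunk; if that constructor has a matching destructor (the file's other `xor_*` helpers suggest one), it should be used here so anything the context owns besides the struct itself is not leaked. `xor_newprovctx(libctx)` is also still called before `libctx` is checked for NULL, so the constructor has to tolerate a NULL library context; a comment or reordering would make that explicit. The rest of `tls_provider_init` lies between the two hunks and is not visible here.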
@@ -269,17 +269,20 @@ static int test_addr_fam_len(void) goto end; if (!ASN1_OCTET_STRING_set(f1->addressFamily, key, keylen)) goto end; + + /* Push and transfer memory ownership to stack */ if (!sk_IPAddressFamily_push(addr, f1)) goto end; + f1 = NULL; /* Shouldn't be able to canonize this as the len is > 3*/ if (!TEST_false(X509v3_addr_canonize(addr))) goto end; - /* Create a well formed IPAddressFamily */ - f1 = sk_IPAddressFamily_pop(addr); - IPAddressFamily_free(f1); + /* Pop and free the new stack element */ + IPAddressFamily_free(sk_IPAddressFamily_pop(addr)); + /* Create a well-formed IPAddressFamily */ key[0] = (afi >> 8) & 0xFF; key[1] = afi & 0xFF; key[2] = 0x1; @@ -297,8 +300,11 @@ static int test_addr_fam_len(void) /* Mark this as inheritance so we skip some of the is_canonize checks */ f1->ipAddressChoice->type = IPAddressChoice_inherit; + + /* Push and transfer memory ownership to stack */ if (!sk_IPAddressFamily_push(addr, f1)) goto end; + f1 = NULL; /* Should be able to canonize now */ if (!TEST_true(X509v3_addr_canonize(addr))) @@ -306,7 +312,10 @@ static int test_addr_fam_len(void) testresult = 1; end: + /* Free stack and any memory owned by detached element */ + IPAddressFamily_free(f1); sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); + ASN1_OCTET_STRING_free(ip1); ASN1_OCTET_STRING_free(ip2); return testresult; diff --git a/test/wpackettest.c b/test/wpackettest.c index aaa374af18..c323e65ca9 100644 --- a/test/wpackettest.c +++ b/test/wpackettest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -590,7 +590,7 @@ static int test_WPACKET_quic_vlint_random(void) if (!TEST_int_gt(RAND_bytes(rand_data, sizeof(rand_data)), 0)) return cleanup(&pkt); - expected = *(uint64_t*)rand_data; + memcpy(&expected, rand_data, sizeof(uint64_t)); /* * Ensure that all size classes get tested with equal probability. diff --git a/test/x509_test.c b/test/x509_test.c index f5a67c63d9..1c6e569a4c 100644 --- a/test/x509_test.c +++ b/test/x509_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,7 +7,14 @@ * https://www.openssl.org/source/license.html */ +#define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_get1/set1_RSA */ + #include +#include +#include +#include +#include +#include "crypto/x509.h" /* x509_st definition */ #include "testutil.h" static EVP_PKEY *pubkey = NULL; 
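Review bot: `memcpy(&expected, rand_data, sizeof(uint64_t));` fixes a real problem (the old cast read a `uint64_t` through what is presumably a byte buffer, an alignment and strict-aliasing violation) but nothing in the code says so, and a later cleanup could put the cast back; I would add `/* memcpy, not a cast: rand_data need not be aligned for uint64_t */` above it. `test_WPACKET_quic_vlint_random` starts and ends outside the hunk.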
@@ -114,9 +121,73 @@ static int test_x509_crl_tbs_cache(void) return ret; } +static int test_asn1_item_verify(void) +{ + int ret = 0; + BIO *bio = NULL; + X509 *x509 = NULL; + const char *certfile; + const ASN1_BIT_STRING *sig = NULL; + const X509_ALGOR *alg = NULL; + EVP_PKEY *pkey; +#ifndef OPENSSL_NO_DEPRECATED_3_0 + RSA *rsa = NULL; +#endif + + if (!TEST_ptr(certfile = test_get_argument(0)) + || !TEST_ptr(bio = BIO_new_file(certfile, "r")) + || !TEST_ptr(x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) + || !TEST_ptr(pkey = X509_get0_pubkey(x509))) + goto err; + +#ifndef OPENSSL_NO_DEPRECATED_3_0 + /* Issue #24575 requires legacy key but the test is useful anyway */ + if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))) + goto err; + + if (!TEST_int_gt(EVP_PKEY_set1_RSA(pkey, rsa), 0)) + goto err; +#endif + + X509_get0_signature(&sig, &alg, x509); + + if (!TEST_int_gt(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), + (X509_ALGOR *)alg, (ASN1_BIT_STRING *)sig, + &x509->cert_info, pkey), 0)) + goto err; + + ERR_set_mark(); + if (!TEST_int_lt(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), + (X509_ALGOR *)alg, (ASN1_BIT_STRING *)sig, + NULL, pkey), 0)) { + ERR_clear_last_mark(); + goto err; + } + ERR_pop_to_mark(); + + ret = 1; + + err: +#ifndef OPENSSL_NO_DEPRECATED_3_0 + RSA_free(rsa); +#endif + X509_free(x509); + BIO_free(bio); + return ret; +} + +OPT_TEST_DECLARE_USAGE("\n") + int setup_tests(void) { const unsigned char *p; + int cnt; + + cnt = test_get_argument_count(); + if (cnt != 1) { + TEST_error("Must specify a certificate file self-signed with RSA-PSS.\n"); + return 0; + } p = pubkeydata; pubkey = d2i_PUBKEY(NULL, &p, sizeof(pubkeydata)); @@ -138,6 +209,7 @@ int setup_tests(void) ADD_TEST(test_x509_tbs_cache); ADD_TEST(test_x509_crl_tbs_cache); + ADD_TEST(test_asn1_item_verify); return 1; } diff --git a/test/x509_time_test.c b/test/x509_time_test.c index b6aad699b5..262f9ed7ce 100644 --- a/test/x509_time_test.c +++ b/test/x509_time_test.c 
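Review bot: The `EVP_PKEY_get1_RSA`/`EVP_PKEY_set1_RSA` round trip in `test_asn1_item_verify` rewrites the key returned by `X509_get0_pubkey`, a pointer owned by the certificate, and the comment `/* Issue #24575 requires legacy key but the test is useful anyway */` does not say that this is the point; I would expand it to state that the set1 call downgrades the certificate's cached public key to a legacy RSA object so the verify path from the issue is exercised, and that without deprecated APIs the downgrade is skipped and only the provider-backed path is covered. In `setup_tests`, `TEST_error("Must specify a certificate file self-signed with RSA-PSS.\n")` has a trailing newline that the other `TEST_*` messages in this series omit (for example the `TEST_info` in `reader_fn`); drop it. The `ERR_set_mark()`/`ERR_pop_to_mark()` bracket around the second `ASN1_item_verify` call is right, but a one-line comment saying the call is expected to fail and its error is discarded would make the `TEST_int_lt` read naturally.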
@@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/tlsfuzzer b/tlsfuzzer index dbd56c1490..61f45d9701 160000 --- a/tlsfuzzer +++ b/tlsfuzzer @@ -1 +1 @@ -Subproject commit dbd56c149072e656ca8d6a43a59588f3e7513da2 +Subproject commit 61f45d9701294fd87ef92d2a7e3dfb076653a562 diff --git a/tlslite-ng b/tlslite-ng index 771e9f59d6..77ef321dde 160000 --- a/tlslite-ng +++ b/tlslite-ng @@ -1 +1 @@ -Subproject commit 771e9f59d639dbb0e2fa8e646c8e588405d3903e +Subproject commit 77ef321dde1a9e6bcf94d73c80f8789a770d8031 diff --git a/util/check-format-commit.sh b/util/check-format-commit.sh new file mode 100755 index 0000000000..206827dd86 --- /dev/null +++ b/util/check-format-commit.sh 
@@ -0,0 +1,170 @@ +#!/bin/bash +# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# You can obtain a copy in the file LICENSE in the source distribution +# or at https://www.openssl.org/source/license.html +# +# This script is a wrapper around check-format.pl. +# It accepts the same commit revision range as 'git diff' as arguments, +# or just a single commit id, and uses it to identify the files and line ranges +# that were changed in that commit range, filtering check-format.pl output +# only to lines that fall into the change ranges of the changed files. +# examples: +# check-format-commit.sh # check unstaged changes +# check-format-commit.sh HEAD +# check-format-commit.sh @~3.. +# check-format-commit.sh f5981c9629667a5a5d6 +# check-format-commit.sh f5981c9629667a5a5d6..ee0bf38e8709bf71888 + +# Allowlist of files to scan +# Currently this is any .c or .h file (with an optional .in suffix) +FILE_NAME_END_ALLOWLIST=("\.[ch]\(.in\)\?") + +# Global vars + +# TEMPDIR is used to hold any files this script creates +# And is cleaned on EXIT with a trap function +TEMPDIR=$(mktemp -d /tmp/checkformat.XXXXXX) + +# TOPDIR always points to the root of the git tree we are working in +# used to locate the check-format.pl script +TOPDIR=$(git rev-parse --show-toplevel) + + +# cleanup handler function, returns us to the root of the git tree +# and erases our temp directory +cleanup() { + rm -rf $TEMPDIR + cd $TOPDIR +} + +trap cleanup EXIT + +# Get the list of ids of the commits we are checking, +# or empty for unstaged changes. +# This lets us pass in symbolic ref names like master/etc and +# resolve them to commit ids easily +COMMIT_RANGE="$@" +[ -n $COMMIT_RANGE ] && COMMIT_LAST=$(git rev-parse $COMMIT_RANGE) + +# Fail gracefully if git rev-parse doesn't produce a valid commit +if [ $? 
-ne 0 ] +then + echo "$1 is not a valid commit range or commit id" + exit 1 +fi + +# If the commit range is exactly one revision, +# git rev-parse will output just the commit id of that one alone. +# In that case, we must manipulate a little to get a desirable result, +# as 'git diff' has a slightly different interpretation of a single commit id: +# it takes that to mean all commits up to HEAD, plus any unstaged changes. +if [ $(echo -n "$COMMIT_LAST" | wc -w) -ne 1 ]; then + COMMIT_LAST=$(echo "$COMMIT_LAST" | head -1) +else + # $COMMIT_RANGE is just one commit, make it an actual range + COMMIT_RANGE=$COMMIT_RANGE^..$COMMIT_RANGE +fi + +# Create an iterable list of files to check formatting on, +# including the line ranges that are changed by the commits +# It produces output of this format: +# , +git diff -U0 $COMMIT_RANGE | awk ' + BEGIN {myfile=""} + /^\+\+\+/ { sub(/^b./,"",$2); file=$2 } + /^@@/ { sub(/^\+/,"",$3); range=$3; printf file " " range "\n" } + ' > $TEMPDIR/ranges.txt + +# filter in anything that matches on a filter regex +for i in ${FILE_NAME_END_ALLOWLIST[@]} +do + # Note the space after the $i below. This is done because we want + # to match on file name suffixes, but the input file is of the form + # , + # So we can't just match on end of line. The additional space + # here lets us match on suffixes followed by the expected space + # in the input file + grep "$i " $TEMPDIR/ranges.txt >> $TEMPDIR/ranges.filter || true +done + +REMAINING_FILES=$(wc -l <$TEMPDIR/ranges.filter) +if [ $REMAINING_FILES -eq 0 ] +then + echo "The given commit range has no C source file changes that require checking" + exit 0 +fi + +# unless checking the format of unstaged changes, +# check out the files from the commit range. +if [ -n "$COMMIT_RANGE" ] +then + # For each file name in ranges, we show that file at the commit range + # we are checking, and redirect it to the same path, + # relative to $TEMPDIR/check-format. 
+ # This give us the full file path to run check-format.pl on + # with line numbers matching the ranges in the $TEMPDIR/ranges.filter file + for j in $(awk '{print $1}' $TEMPDIR/ranges.filter | sort -u) + do + FDIR=$(dirname $j) + mkdir -p $TEMPDIR/check-format/$FDIR + git show $COMMIT_LAST:$j > $TEMPDIR/check-format/$j + done +fi + +# Now for each file in $TEMPDIR/ranges.filter, run check-format.pl +for j in $(awk '{print $1}' $TEMPDIR/ranges.filter | sort -u) +do + range_start=() + range_end=() + + # Get the ranges for this file. Create 2 arrays. range_start contains + # the start lines for valid ranges from the commit. the range_end array + # contains the corresponding end line. Note, since diff output gives us + # a line count for a change, the range_end[k] entry is actually + # range_start[k]+line count + for k in $(grep ^$j $TEMPDIR/ranges.filter | awk '{print $2}') + do + RSTART=$(echo $k | awk -F',' '{print $1}') + RLEN=$(echo $k | awk -F',' '{print $2}') + # when the hunk is just one line, its length is implied + if [ -z "$RLEN" ]; then RLEN=1; fi + let REND=$RSTART+$RLEN + range_start+=($RSTART) + range_end+=($REND) + done + + # Go to our checked out tree, unless checking unstaged changes + [ -n "$COMMIT_RANGE" ] && cd $TEMPDIR/check-format + + # Actually run check-format.pl on the file, capturing the output + # in a temporary file. Note the format of check-format.pl output is + # ::: + $TOPDIR/util/check-format.pl $j > $TEMPDIR/results.txt + + # Now we filter the check-format.pl output based on the changed lines + # captured in the range_start/end arrays + let maxidx=${#range_start[@]}-1 + for k in $(seq 0 1 $maxidx) + do + RSTART=${range_start[$k]} + REND=${range_end[$k]} + + # field 2 of check-format.pl output is the offending line number + # Check here if any line in that output falls between any of the + # start/end ranges defined in the range_start/range_end array. 
+ # If it does fall in that range, print the entire line to stdout + awk -v rstart=$RSTART -v rend=$REND -F':' ' + /:/ { if (rstart <= $2 && $2 <= rend) print $0 } + ' $TEMPDIR/results.txt >>$TEMPDIR/results-filtered.txt + done +done +cat $TEMPDIR/results-filtered.txt + +# If any findings were in range, exit with a different error code +if [ -s $TEMPDIR/results-filtered.txt ] +then + exit 2 +fi diff --git a/util/check-format-test-negatives.c b/util/check-format-test-negatives.c index 8b3b75db3e..f6b1bfb319 100644 --- a/util/check-format-test-negatives.c +++ b/util/check-format-test-negatives.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2015-2022 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -335,9 +335,8 @@ size_t UTIL_url_encode(const char *source, int f() { c; - if (1) { + if (1) c; - } c; if (1) if (2) diff --git a/util/check-format.pl b/util/check-format.pl index e1a91bcc58..559b9023d0 100755 --- a/util/check-format.pl +++ b/util/check-format.pl @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. # Copyright Siemens AG 2019-2022 # # Licensed under the Apache License 2.0 (the "License"). 
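Review bot: `grep ^$j $TEMPDIR/ranges.filter` in the per-file loop is only prefix-anchored, so for `foo.c` it also collects the ranges of `foo.c.in`, which the allowlist admits, and the unescaped `.` in `$j` matches any character; the allowlist grep earlier in the script already shows the fix of matching the trailing separator: `grep "^$j " $TEMPDIR/ranges.filter`. `[ -n $COMMIT_RANGE ]` is unquoted, so with no arguments it tests the literal string `-n` and is always true; write `[ -n "$COMMIT_RANGE" ]` as the later test does. The error message `echo "$1 is not a valid commit range or commit id"` prints only the first argument although the range was built from `"$@"`; use `$COMMIT_RANGE`. `$TEMPDIR`, `$TOPDIR` and `$j` are used unquoted throughout (`rm -rf $TEMPDIR`, `git show $COMMIT_LAST:$j`); they come from `mktemp`, `git rev-parse` and `git diff`, so this works for ordinary paths but breaks on a checkout path containing spaces.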
@@ -167,7 +167,7 @@ my $local_offset; # current extra indent due to label, switch case/defa my $line_body_start; # number of line where last function body started, or 0 my $line_function_start; # number of line where last function definition started, used for $line_body_start my $last_function_header; # header containing name of last function defined, used if $line_body_start != 0 -my $line_opening_brace; # number of previous line with opening brace after do/while/for, optionally for if/else +my $line_opening_brace; # number of previous line with opening brace after if/do/while/for, optionally for 'else' my $keyword_opening_brace; # name of previous keyword, used if $line_opening_brace != 0 my $block_indent; # currently required normal indentation at block/statement level @@ -791,7 +791,7 @@ while (<>) { # loop over all lines of all input files # treat remaining blinded comments and string literal contents as (single) space during matching below $intra_line =~ s/@+/ /g; # note that extra SPC has already been handled above $intra_line =~ s/\s+$//; # strip any (resulting) space at EOL - # replace ';;' or '; ;' by ';' in "for(;;)" and in "for (...)" unless "..." contains just SPC and ';' characters: + # replace ';;' or '; ;' by ';' in "for (;;)" and in "for (...)" unless "..." contains just SPC and ';' characters: $intra_line =~ s/((^|\W)for\s*\()([^;]*?)(\s*)(;\s?);(\s*)([^;]*)(\))/ "$1$3$4".("$3$4$5$6$7" eq ";" || $3 ne "" || $7 ne "" ? "" : $5).";$6$7$8"/eg; # strip trailing ';' or '; ' in "for (...)" except in "for (;;)" or "for (;; )": 
@@ -904,7 +904,7 @@ while (<>) { # loop over all lines of all input files # handle opening brace '{' after if/else/while/for/switch/do on line before if ($hanging_offset > 0 && m/^[\s@]*{/ && # leading opening '{' $line_before > 0 && - $contents_before_ =~ m/(^|^.*\W)(if|else|while|for|switch|do)(\W.*$|$)/) { + $contents_before_ =~ m/(^|^.*\W)(if|else|while|for|(OSSL_)?LIST_FOREACH(_\w+)?|switch|do)(\W.*$|$)/) { $keyword_opening_brace = $1; $hanging_offset -= INDENT_LEVEL; # cancel newly hanging_offset } @@ -966,15 +966,18 @@ while (<>) { # loop over all lines of all input files my $outermost_level = $block_indent - $preproc_offset == 0; - report("more than one stmt") if !m/(^|\W)for(\W.*|$)/ && # no 'for' - TODO improve matching + report("more than one stmt") if !m/(^|\W)(for|(OSSL_)?LIST_FOREACH(_\w+)?)(\W.*|$)/ && # no 'for' - TODO improve matching m/;.*;/; # two or more terminators ';', so more than one statement # check for code block containing a single line/statement if ($line_before2 > 0 && !$outermost_level && # within function body $in_typedecl == 0 && @nested_indents == 0 && # neither within type declaration nor inside stmt/expr - m/^[\s@]*\}/) { # leading closing brace '}', any preceding blinded comment must not be matched + m/^[\s@]*\}\s*(\w*)/) { # leading closing brace '}', any preceding blinded comment must not be matched # TODO extend detection from single-line to potentially multi-line statement + my $next_word = $1; if ($line_opening_brace > 0 && + ($keyword_opening_brace ne "if" || + $extended_1_stmt || $next_word ne "else") && ($line_opening_brace == $line_before2 || $line_opening_brace == $line_before) && $contents_before =~ m/;/) { # there is at least one terminator ';', so there is some stmt 
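Review bot: The new exact comparison `$keyword_opening_brace ne "if"` here, and `$keyword_opening_brace eq "else"` in the `@@ -1132,9 +1135,9 @@` hunk, depend on that variable holding the bare keyword, but the assignment shown in the `@@ -904,7 +904,7 @@` hunk is `$keyword_opening_brace = $1;`, and `$1` in that regex is `(^|^.*\W)`, the text before the keyword; the keyword itself is `$2`. Unless the variable is set from the keyword somewhere outside these hunks, neither comparison can match and the new `if`/`else` single-statement-block exception is dead; please confirm, and if so change it to `$keyword_opening_brace = $2;`. The `(\w*)` capture added to `m/^[\s@]*\}\s*(\w*)/` is fine because `$1` is read on the very next line, before any other match.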
@@ -1001,7 +1004,7 @@ while (<>) { # loop over all lines of all input files my $assignment_start = 0; my $tmp = $_; $tmp =~ s/[\!<>=]=/@@/g; # blind (in-)equality symbols like '<=' as '@@' to prevent matching them as '=' below - if (m/^((^|.*\W)(if|while|for|switch))(\W.*|$)$/) { # (last) if/for/while/switch + if (m/^((^|.*\W)(if|while|for|(OSSL_)?LIST_FOREACH(_\w+)?|switch))(\W.*|$)$/) { # (last) if/for/while/switch $paren_expr_start = 1; } elsif (m/^((^|.*\W)(return|enum))(\W.*|$)/ # (last) return/enum && !$in_expr && @nested_indents == 0 && parens_balance($1) == 0) { # not nested enum @@ -1132,9 +1135,9 @@ while (<>) { # loop over all lines of all input files $line_body_start = $contents =~ m/LONG BODY/ ? 0 : $line if $line_function_start != 0; } } else { - $line_opening_brace = $line if $keyword_opening_brace =~ m/do|while|for/; + $line_opening_brace = $line if $keyword_opening_brace =~ m/if|do|while|for|(OSSL_)?LIST_FOREACH(_\w+)?/; # using, not assigning, $keyword_opening_brace here because it could be on an earlier line - $line_opening_brace = $line if $keyword_opening_brace =~ m/if|else/ && $extended_1_stmt && + $line_opening_brace = $line if $keyword_opening_brace eq "else" && $extended_1_stmt && # TODO prevent false positives for if/else where braces around single-statement branches # should be avoided but only if all branches have just single statements # The following helps detecting the exception when handling multiple 'if ... else' branches: 
@@ -1145,11 +1148,11 @@ while (<>) { # loop over all lines of all input files } } - # check for opening brace after if/while/for/switch/do not on same line + # check for opening brace after if/while/for/switch/do missing on same line # note that "missing '{' on same line after '} else'" is handled further below if (/^[\s@]*{/ && # leading '{' $line_before > 0 && !($contents_before_ =~ m/^\s*#/) && # not preprocessor directive '#if - (my ($head, $mid, $tail) = ($contents_before_ =~ m/(^|^.*\W)(if|while|for|switch|do)(\W.*$|$)/))) { + (my ($head, $mid, $tail) = ($contents_before_ =~ m/(^|^.*\W)(if|while|for|(OSSL_)?LIST_FOREACH(_\w+)?|switch|do)(\W.*$|$)/))) { my $brace_after = $tail =~ /^[\s@]*{/; # any whitespace or comments then '{' report("'{' not on same line as preceding '$mid'") if !$brace_after; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 89a211d2f6..75813690dc 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
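Review bot: The list assignment `my ($head, $mid, $tail) = ($contents_before_ =~ m/(^|^.*\W)(if|while|for|(OSSL_)?LIST_FOREACH(_\w+)?|switch|do)(\W.*$|$)/)` now receives five captures instead of three, because `(OSSL_)?` and `(_\w+)?` are capturing groups; `$tail` therefore gets the `(OSSL_)?` capture (undef or `OSSL_`) rather than the text after the keyword, so `$brace_after` is always false and the `'{' not on same line` report fires regardless of where the brace is. Make the new groups non-capturing: `(if|while|for|(?:OSSL_)?LIST_FOREACH(?:_\w+)?|switch|do)`. The other four regexes extended in this commit (`@@ -904`, `@@ -966`, `@@ -1001`, `@@ -1132`) are used only as booleans or via `$1`, so they are not broken, but using `(?:…)` there too would keep the group numbering stable.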
@@ -5536,15 +5536,15 @@ X509_STORE_CTX_set_get_crl 5663 3_2_0 EXIST::FUNCTION: X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION: OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION: BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK -OSSL_CMP_CTX_get0_geninfo_ITAVs ? 3_3_0 EXIST::FUNCTION:CMP -OSSL_CMP_HDR_get0_geninfo_ITAVs ? 3_3_0 EXIST::FUNCTION:CMP -OSSL_CMP_ITAV_new0_certProfile ? 3_3_0 EXIST::FUNCTION:CMP -OSSL_CMP_ITAV_get0_certProfile ? 3_3_0 EXIST::FUNCTION:CMP -OSSL_CMP_MSG_get0_certreq_publickey ? 3_3_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_CTX_init_trans ? 3_3_0 EXIST::FUNCTION:CMP -EVP_DigestSqueeze ? 3_3_0 EXIST::FUNCTION: -ERR_pop ? 3_3_0 EXIST::FUNCTION: -X509_STORE_get1_objects ? 3_3_0 EXIST::FUNCTION: -OPENSSL_LH_set_thunks ? 3_3_0 EXIST::FUNCTION: -OPENSSL_LH_doall_arg_thunk ? 3_3_0 EXIST::FUNCTION: -OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines ? 3_3_0 EXIST::FUNCTION:HTTP +OSSL_CMP_CTX_get0_geninfo_ITAVs 5667 3_3_0 EXIST::FUNCTION:CMP +OSSL_CMP_HDR_get0_geninfo_ITAVs 5668 3_3_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_new0_certProfile 5669 3_3_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_get0_certProfile 5670 3_3_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_get0_certreq_publickey 5671 3_3_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_CTX_init_trans 5672 3_3_0 EXIST::FUNCTION:CMP +EVP_DigestSqueeze 5673 3_3_0 EXIST::FUNCTION: +ERR_pop 5674 3_3_0 EXIST::FUNCTION: +X509_STORE_get1_objects 5675 3_3_0 EXIST::FUNCTION: +OPENSSL_LH_set_thunks 5676 3_3_0 EXIST::FUNCTION: +OPENSSL_LH_doall_arg_thunk 5677 3_3_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines 5678 3_3_0 EXIST::FUNCTION:HTTP diff --git a/util/libssl.num b/util/libssl.num index 63b240ff9e..da18be5a62 100644 --- a/util/libssl.num +++ b/util/libssl.num 
@@ -577,9 +577,9 @@ SSL_handle_events 577 3_2_0 EXIST::FUNCTION: SSL_get_event_timeout 578 3_2_0 EXIST::FUNCTION: SSL_get0_group_name 579 3_2_0 EXIST::FUNCTION: SSL_is_stream_local 580 3_2_0 EXIST::FUNCTION: -SSL_write_ex2 ? 3_3_0 EXIST::FUNCTION: -SSL_get_value_uint ? 3_3_0 EXIST::FUNCTION: -SSL_set_value_uint ? 3_3_0 EXIST::FUNCTION: -SSL_poll ? 3_3_0 EXIST::FUNCTION: -SSL_SESSION_get_time_ex ? 3_3_0 EXIST::FUNCTION: -SSL_SESSION_set_time_ex ? 3_3_0 EXIST::FUNCTION: +SSL_write_ex2 581 3_3_0 EXIST::FUNCTION: +SSL_get_value_uint 582 3_3_0 EXIST::FUNCTION: +SSL_set_value_uint 583 3_3_0 EXIST::FUNCTION: +SSL_poll 584 3_3_0 EXIST::FUNCTION: +SSL_SESSION_get_time_ex 585 3_3_0 EXIST::FUNCTION: +SSL_SESSION_set_time_ex 586 3_3_0 EXIST::FUNCTION: diff --git a/util/missingssl.txt b/util/missingssl.txt index 1338feed71..8da9842a0b 100644 --- a/util/missingssl.txt +++ b/util/missingssl.txt @@ -25,7 +25,6 @@ SSL_get_peer_finished(3) SSL_set_SSL_CTX(3) SSL_set_debug(3) SSL_set_not_resumable_session_callback(3) -SSL_set_session_secret_cb(3) SSL_set_session_ticket_ext(3) SSL_set_session_ticket_ext_cb(3) SSL_srp_server_param_with_username(3) diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl index 1c273872be..799ed3cdcd 100755 --- a/util/mkbuildinf.pl +++ b/util/mkbuildinf.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -9,17 +9,21 @@
 use strict;
 use warnings;
-my ($cflags, $platform) = @ARGV;
+my $platform = pop @ARGV;
+my $cflags = join(' ', @ARGV);
+$cflags =~ s(\\)(\\\\)g;
 $cflags = "compiler: $cflags";
-my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC";
+# Use the value of the envvar SOURCE_DATE_EPOCH, even if it's
+# zero or the empty string.
+my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} // time()) . " UTC";
 print <<"END_OUTPUT";
 /*
  * WARNING: do not edit!
  * Generated by util/mkbuildinf.pl
  *
- * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 04b2545c59..309f908b3e 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/mkinstallvars.pl b/util/mkinstallvars.pl
index 59a432d28c..f8fa12db48 100644
--- a/util/mkinstallvars.pl
+++ b/util/mkinstallvars.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
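Review bot: The new escaping line `$cflags =~ s(\\)(\\\\)g;` doubles backslashes but leaves double quotes untouched, so a CFLAGS value containing `"` would still break the generated file, which the heredoc below presumably emits as a C string literal (the heredoc continues past the hunk). Adding `$cflags =~ s/"/\\"/g;` immediately after it closes that gap, and a newline inside the joined arguments deserves the same treatment if it can occur. On the `// time()` change, an empty SOURCE_DATE_EPOCH now reaches `gmtime('')`, which the file's `use warnings` reports as a non-numeric argument even though the comment says the empty string is intended; if that warning is acceptable, extending the comment with `# (an empty value yields epoch 0 and may warn under 'use warnings')` records the decision.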
@@ -10,45 +10,96 @@ # form, or passed as variable assignments on the command line. # The result is a Perl module creating the package OpenSSL::safe::installdata. +use 5.10.0; +use strict; +use warnings; +use Carp; + use File::Spec; +#use List::Util qw(pairs); +sub _pairs (@); # These are expected to be set up as absolute directories -my @absolutes = qw(PREFIX); +my @absolutes = qw(PREFIX libdir); # These may be absolute directories, and if not, they are expected to be set up -# as subdirectories to PREFIX -my @subdirs = qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR ENGINESDIR MODULESDIR - PKGCONFIGDIR CMAKECONFIGDIR); +# as subdirectories to PREFIX or LIBDIR. The order of the pairs is important, +# since the LIBDIR subdirectories depend on the calculation of LIBDIR from +# PREFIX. +my @subdirs = _pairs (PREFIX => [ qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR) ], + LIBDIR => [ qw(ENGINESDIR MODULESDIR PKGCONFIGDIR + CMAKECONFIGDIR) ]); +# For completeness, other expected variables +my @others = qw(VERSION LDLIBS); + +my %all = ( ); +foreach (@absolutes) { $all{$_} = 1 } +foreach (@subdirs) { foreach (@{$_->[1]}) { $all{$_} = 1 } } +foreach (@others) { $all{$_} = 1 } +print STDERR "DEBUG: all keys: ", join(", ", sort keys %all), "\n"; my %keys = (); +my %values = (); foreach (@ARGV) { (my $k, my $v) = m|^([^=]*)=(.*)$|; $keys{$k} = 1; - $ENV{$k} = $v; + push @{$values{$k}}, $v; } -foreach my $k (sort keys %keys) { - my $v = $ENV{$k}; - $v = File::Spec->rel2abs($v) if $v && grep { $k eq $_ } @absolutes; - $ENV{$k} = $v; +# warn if there are missing values, and also if there are unexpected values +foreach my $k (sort keys %all) { + warn "No value given for $k\n" unless $keys{$k}; } foreach my $k (sort keys %keys) { - my $v = $ENV{$k} || '.'; + warn "Unknown variable $k\n" unless $all{$k}; +} - # Absolute paths for the subdir variables are computed. This provides - # the usual form of values for names that have become norm, known as GNU - # installation paths. 
- # For the benefit of those that need it, the subdirectories are preserved - # as they are, using the same variable names, suffixed with '_REL', if they - # are indeed subdirectories. - if (grep { $k eq $_ } @subdirs) { - if (File::Spec->file_name_is_absolute($v)) { - $ENV{"${k}_REL"} = File::Spec->abs2rel($v, $ENV{PREFIX}); - } else { - $ENV{"${k}_REL"} = $v; - $v = File::Spec->rel2abs($v, $ENV{PREFIX}); +# This shouldn't be needed, but just in case we get relative paths that +# should be absolute, make sure they actually are. +foreach my $k (@absolutes) { + my $v = $values{$k} || [ '.' ]; + die "Can't have more than one $k\n" if scalar @$v > 1; + print STDERR "DEBUG: $k = $v->[0] => "; + $v = [ map { File::Spec->rel2abs($_) } @$v ]; + $values{$k} = $v; + print STDERR "$k = $v->[0]\n"; +} + +# Absolute paths for the subdir variables are computed. This provides +# the usual form of values for names that have become norm, known as GNU +# installation paths. +# For the benefit of those that need it, the subdirectories are preserved +# as they are, using the same variable names, suffixed with '_REL_{var}', +# if they are indeed subdirectories. The '{var}' part of the name tells +# which other variable value they are relative to. +foreach my $pair (@subdirs) { + my ($var, $subdir_vars) = @$pair; + foreach my $k (@$subdir_vars) { + my $kr = "${k}_REL_${var}"; + my $v2 = $values{$k} || [ '.' ]; + $values{$k} = []; # We're rebuilding it + print STDERR "DEBUG: $k = ", + (scalar @$v2 > 1 ? "[ " . join(", ", @$v2) . " ]" : $v2->[0]), + " => "; + foreach my $v (@$v2) { + if (File::Spec->file_name_is_absolute($v)) { + push @{$values{$k}}, $v; + push @{$values{$kr}}, + File::Spec->abs2rel($v, $values{$var}->[0]); + } else { + push @{$values{$kr}}, $v; + push @{$values{$k}}, + File::Spec->rel2abs($v, $values{$var}->[0]); + } } + print STDERR join(", ", + map { + my $v = $values{$_}; + "$_ = " . (scalar @$v > 1 + ? "[ " . join(", ", @$v) . 
" ]" + : $v->[0]); + } ($k, $kr)), + "\n"; } - $ENV{$k} = $v; } print <<_____; 
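Review bot: The `print STDERR "DEBUG: ..."` statements in this hunk (the key dump, the per-absolute trace and the per-subdir trace) look like leftover debugging, and as written they fire on every run of the script; either drop them or gate them, e.g. `my $debug = 0;` near the top and `print STDERR ... if $debug;`. The argument parser `(my $k, my $v) = m|^([^=]*)=(.*)$|;` still does not check that the match succeeded, and now that `use strict; use warnings;` is enabled an argument without `=` yields an undefined `$k` and an "uninitialized value" warning from `$keys{$k} = 1` rather than a clear error, so `die "Bad argument: $_\n" unless defined $k;` would be a cheap guard. The `die "Can't have more than one $k\n"` check is applied only to `@absolutes`; VERSION and LDLIBS are later read through `->[0]` in the second hunk, so a duplicate of either is silently truncated to its first value.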
@@ -58,38 +109,74 @@ use strict; use warnings; use Exporter; our \@ISA = qw(Exporter); -our \@EXPORT = qw(\$PREFIX - \$BINDIR \$BINDIR_REL - \$LIBDIR \$LIBDIR_REL - \$INCLUDEDIR \$INCLUDEDIR_REL - \$APPLINKDIR \$APPLINKDIR_REL - \$ENGINESDIR \$ENGINESDIR_REL - \$MODULESDIR \$MODULESDIR_REL - \$PKGCONFIGDIR \$PKGCONFIGDIR_REL - \$CMAKECONFIGDIR \$CMAKECONFIGDIR_REL - \$VERSION \@LDLIBS); +our \@EXPORT = qw( +_____ -our \$PREFIX = '$ENV{PREFIX}'; -our \$BINDIR = '$ENV{BINDIR}'; -our \$BINDIR_REL = '$ENV{BINDIR_REL}'; -our \$LIBDIR = '$ENV{LIBDIR}'; -our \$LIBDIR_REL = '$ENV{LIBDIR_REL}'; -our \$INCLUDEDIR = '$ENV{INCLUDEDIR}'; -our \$INCLUDEDIR_REL = '$ENV{INCLUDEDIR_REL}'; -our \$APPLINKDIR = '$ENV{APPLINKDIR}'; -our \$APPLINKDIR_REL = '$ENV{APPLINKDIR_REL}'; -our \$ENGINESDIR = '$ENV{ENGINESDIR}'; -our \$ENGINESDIR_REL = '$ENV{ENGINESDIR_REL}'; -our \$MODULESDIR = '$ENV{MODULESDIR}'; -our \$MODULESDIR_REL = '$ENV{MODULESDIR_REL}'; -our \$PKGCONFIGDIR = '$ENV{PKGCONFIGDIR}'; -our \$PKGCONFIGDIR_REL = '$ENV{PKGCONFIGDIR_REL}'; -our \$CMAKECONFIGDIR = '$ENV{CMAKECONFIGDIR}'; -our \$CMAKECONFIGDIR_REL = '$ENV{CMAKECONFIGDIR_REL}'; -our \$VERSION = '$ENV{VERSION}'; -our \@LDLIBS = +foreach my $k (@absolutes) { + print " \@$k\n"; +} +foreach my $pair (@subdirs) { + my ($var, $subdir_vars) = @$pair; + foreach my $k (@$subdir_vars) { + my $k2 = "${k}_REL_${var}"; + print " \@$k \@$k2\n"; + } +} + +print <<_____; + \$VERSION \@LDLIBS +); + +_____ + +foreach my $k (@absolutes) { + print "our \@$k" . ' ' x (27 - length($k)) . "= ( '", + join("', '", @{$values{$k}}), + "' );\n"; +} +foreach my $pair (@subdirs) { + my ($var, $subdir_vars) = @$pair; + foreach my $k (@$subdir_vars) { + my $k2 = "${k}_REL_${var}"; + print "our \@$k" . ' ' x (27 - length($k)) . "= ( '", + join("', '", @{$values{$k}}), + "' );\n"; + print "our \@$k2" . ' ' x (27 - length($k2)) . 
"= ( '", + join("', '", @{$values{$k2}}), + "' );\n"; + } +} + +print <<_____; +our \$VERSION = '$values{VERSION}->[0]'; +our \@LDLIBS = # Unix and Windows use space separation, VMS uses comma separation - split(/ +| *, */, '$ENV{LDLIBS}'); + \$^O eq 'VMS' + ? split(/ *, */, '$values{LDLIBS}->[0]') + : split(/ +/, '$values{LDLIBS}->[0]'); 1; _____ + +######## Helpers + +# _pairs LIST +# +# This operates on an even-sized list, and returns a list of "ARRAY" +# references, each containing two items from the given LIST. +# +# It is a quick cheap reimplementation of List::Util::pairs(), a function +# we cannot use, because it only appeared in perl v5.19.3, and we claim to +# support perl versions all the way back to v5.10. + +sub _pairs (@) { + croak "Odd number of arguments" if @_ & 1; + + my @pairlist = (); + + while (@_) { + my $x = [ shift, shift ]; + push @pairlist, $x; + } + return @pairlist; +} diff --git a/util/other.syms b/util/other.syms index 84e6bb6ba3..1ebb06fc78 100644 --- a/util/other.syms +++ b/util/other.syms @@ -143,6 +143,7 @@ custom_ext_free_cb datatype custom_ext_parse_cb datatype pem_password_cb datatype ssl_ct_validation_cb datatype +tls_session_secret_cb_fn datatype ASYNC_stack_alloc_fn datatype ASYNC_stack_free_fn datatype PKCS12_create_cb datatype diff --git a/util/perl/OpenSSL/Template.pm b/util/perl/OpenSSL/Template.pm index 7411dd8ae8..ad93278ca7 100644 --- a/util/perl/OpenSSL/Template.pm +++ b/util/perl/OpenSSL/Template.pm @@ -42,6 +42,14 @@ use Text::Template 1.46; our @ISA = qw(Text::Template); # parent +sub tmpl_error { + my (%err_dict) = @_; + + $ERROR = $err_dict{"error"}; + + return undef; +} + sub new { my $class = shift; @@ -66,6 +74,7 @@ sub fill_in { output_on => sub { $self->output_on() }, output_off => sub { $self->output_off() }, %hash }, + BROKEN => \&tmpl_error, %opts); } diff --git a/util/perl/OpenSSL/Test/Utils.pm b/util/perl/OpenSSL/Test/Utils.pm index dcff6a5c99..34eafc4659 100644 --- a/util/perl/OpenSSL/Test/Utils.pm 
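Review bot: The generated module wraps every value in single quotes, `"= ( '", join("', '", @{$values{$k}}), "' );\n"`, but nothing escapes a `'` or a trailing `\` inside the value, so an install path containing either (a Windows prefix ending in a backslash is the obvious case) produces a module that does not compile. Escaping once when emitting, e.g. `map { (my $s = $_) =~ s/(['\\])/\\$1/g; $s } @{$values{$k}}`, fixes it, and it applies equally to `@$k`, `@$k2`, `$VERSION` and the two `$values{LDLIBS}->[0]` interpolations, so a small `_quote` helper next to `_pairs` would keep the sites consistent. The `\$^O eq 'VMS'` test is evaluated when the generated module is loaded rather than when it is generated, which is fine as long as both happen on the same platform; a one-line comment stating that assumption would help.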
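Review bot: `tmpl_error` assigns `$ERROR` but the hunk shows no `our $ERROR` declaration; if one does not already exist outside the hunk this fails under strict mode, so it is worth confirming. The callback also discards the `lineno` and `text` entries that Text::Template passes alongside `error`, so a failing template reports the message with no location; `$ERROR = "$err_dict{error} (template line $err_dict{lineno})";` keeps the position. Since `BROKEN` is now wired unconditionally in `fill_in`, a short comment above `tmpl_error` saying that it converts a fragment failure into an undef return from `fill_in` with `$ERROR` set, instead of Text::Template's default inline error text, would document the behaviour change for callers.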
+++ b/util/perl/OpenSSL/Test/Utils.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -72,6 +72,8 @@ Returns an item from the %config hash in \$TOP/configdata.pm.
 =item B
 Return true if IPv4 / IPv6 is possible to use on the current system.
+Additionally, B also checks how OpenSSL was configured,
+i.e. if IPv6 was explicitly disabled with -DOPENSSL_USE_IPv6=0.
 =back
@@ -80,6 +82,7 @@ Return true if IPv4 / IPv6 is possible to use on the current system.
 our %available_protocols;
 our %disabled;
 our %config;
+our %target;
 my $configdata_loaded = 0;
 sub load_configdata {
@@ -91,6 +94,7 @@ sub load_configdata {
 %available_protocols = %configdata::available_protocols;
 %disabled = %configdata::disabled;
 %config = %configdata::config;
+ %target = %configdata::target;
 };
 $configdata_loaded = 1;
 }
@@ -221,6 +225,18 @@ sub have_IPv4 {
 }
 sub have_IPv6 {
+ if ($have_IPv6 < 0) {
+ load_configdata() unless $configdata_loaded;
+ # If OpenSSL is configured with IPv6 explicitly disabled, no IPv6
+ # related tests should be performed. In other words, pretend IPv6
+ # isn't present.
+ $have_IPv6 = 0
+ if grep { $_ eq 'OPENSSL_USE_IPV6=0' } @{$config{CPPDEFINES}};
+ # Similarly, if a config target has explicitly disabled IPv6, no
+ # IPv6 related tests should be performed.
+ $have_IPv6 = 0
+ if grep { $_ eq 'OPENSSL_USE_IPV6=0' } @{$target{defines}};
+ }
 if ($have_IPv6 < 0) {
 $have_IPv6 = check_IP("::1");
 }
diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm
index 78e1e3774b..04aef069f9 100755
--- a/util/perl/OpenSSL/config.pm
+++ b/util/perl/OpenSSL/config.pm
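Review bot: The POD added in the `@@ -72` hunk spells the define `-DOPENSSL_USE_IPv6=0`, while `have_IPv6` compares with `eq` against the exact string `'OPENSSL_USE_IPV6=0'`; the documentation should use the spelling the code actually checks, otherwise a reader following the POD will disable nothing. The exact match also ignores other forms that may reach `CPPDEFINES` or `defines`, such as a value carrying its `-D` prefix; I cannot tell from here how configdata normalises these, but a pattern like `/^(?:-D)?OPENSSL_USE_IPV6=0$/` would be more forgiving if they can occur. Finally, `@{$config{CPPDEFINES}}` and `@{$target{defines}}` are rvalue dereferences that die under strict refs when the key is absent, so `@{$config{CPPDEFINES} || []}` (and likewise for `defines`) is the safer form unless configdata guarantees both keys are always present.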
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
index e7de37bb6a..9acb7fac99 100644
--- a/util/perl/OpenSSL/paramnames.pm
+++ b/util/perl/OpenSSL/paramnames.pm
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -246,6 +246,9 @@ my %params = (
 'PKEY_PARAM_DIST_ID' => "distid",
 'PKEY_PARAM_PUB_KEY' => "pub",
 'PKEY_PARAM_PRIV_KEY' => "priv",
+ # PKEY_PARAM_IMPLICIT_REJECTION isn't actually used, or meaningful. We keep
+ # it for API stability, but please use ASYM_CIPHER_PARAM_IMPLICIT_REJECTION
+ # instead.
 'PKEY_PARAM_IMPLICIT_REJECTION' => "implicit-rejection",
 # Diffie-Hellman/DSA Parameters
diff --git a/util/perl/OpenSSL/stackhash.pm b/util/perl/OpenSSL/stackhash.pm
index 6c503f29cc..7c2459b8a4 100644
--- a/util/perl/OpenSSL/stackhash.pm
+++ b/util/perl/OpenSSL/stackhash.pm
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/TLSProxy/Certificate.pm b/util/perl/TLSProxy/Certificate.pm
index a32bc2c97b..4377169747 100644
--- a/util/perl/TLSProxy/Certificate.pm
+++ b/util/perl/TLSProxy/Certificate.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/TLSProxy/CertificateRequest.pm b/util/perl/TLSProxy/CertificateRequest.pm
index 0191df68f9..67943490bd 100644
--- a/util/perl/TLSProxy/CertificateRequest.pm
+++ b/util/perl/TLSProxy/CertificateRequest.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/TLSProxy/CertificateVerify.pm b/util/perl/TLSProxy/CertificateVerify.pm
index c4874c89e2..637298525d 100644
--- a/util/perl/TLSProxy/CertificateVerify.pm
+++ b/util/perl/TLSProxy/CertificateVerify.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/TLSProxy/ClientHello.pm b/util/perl/TLSProxy/ClientHello.pm
index 5a5f5fd34d..c24065f2b9 100644
--- a/util/perl/TLSProxy/ClientHello.pm
+++ b/util/perl/TLSProxy/ClientHello.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/TLSProxy/EncryptedExtensions.pm b/util/perl/TLSProxy/EncryptedExtensions.pm
index 5f867101d9..8b1e76afd5 100644
--- a/util/perl/TLSProxy/EncryptedExtensions.pm
+++ b/util/perl/TLSProxy/EncryptedExtensions.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/TLSProxy/HelloVerifyRequest.pm b/util/perl/TLSProxy/HelloVerifyRequest.pm
index 40162d08ef..6fa7f1ac61 100644
--- a/util/perl/TLSProxy/HelloVerifyRequest.pm
+++ b/util/perl/TLSProxy/HelloVerifyRequest.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm
index 2238de2bd5..d1b108f5d6 100644
--- a/util/perl/TLSProxy/Message.pm
+++ b/util/perl/TLSProxy/Message.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -464,6 +464,19 @@ sub create_message
 );
 }
 $message->parse();
+} elsif ($mt == MT_NEXT_PROTO) {
+ $message = TLSProxy::NextProto->new(
+ $isdtls,
+ $server,
+ $msgseq,
+ $msgfrag,
+ $msgfragoffs,
+ $data,
+ [@message_rec_list],
+ $startoffset,
+ [@message_frag_lens]
+ );
+ $message->parse();
 } else {
 #Unknown message type
 $message = TLSProxy::Message->new(
diff --git a/util/perl/TLSProxy/NewSessionTicket.pm b/util/perl/TLSProxy/NewSessionTicket.pm
index 748efb8aa8..26dcc17bb0 100644
--- a/util/perl/TLSProxy/NewSessionTicket.pm
+++ b/util/perl/TLSProxy/NewSessionTicket.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/TLSProxy/NextProto.pm b/util/perl/TLSProxy/NextProto.pm
new file mode 100644
index 0000000000..0825ea744f
--- /dev/null
+++ b/util/perl/TLSProxy/NextProto.pm
@@ -0,0 +1,62 @@
+# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::NextProto;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+ my $class = shift;
+ my ($isdtls,
+ $server,
+ $msgseq,
+ $msgfrag,
+ $msgfragoffs,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens) = @_;
+
+ my $self = $class->SUPER::new(
+ $isdtls,
+ $server,
+ TLSProxy::Message::MT_NEXT_PROTO,
+ $msgseq,
+ $msgfrag,
+ $msgfragoffs,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens);
+
+ return $self;
+}
+
+sub parse
+{
+ # We don't support parsing at the moment
+}
+
+# This is supposed to reconstruct the on-the-wire message data following changes.
+# For now though since we don't support parsing we just create an empty NextProto
+# message - this capability is used in test_npn
+sub set_message_contents
+{
+ my $self = shift;
+ my $data;
+
+ $data = pack("C32", 0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00);
+ $self->data($data);
+}
+1;
diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
index 06de4fbb39..0ec4ae30d2 100644
--- a/util/perl/TLSProxy/Proxy.pm
+++ b/util/perl/TLSProxy/Proxy.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -7,7 +7,6 @@
 use strict;
 use POSIX ":sys_wait_h";
-use IPC::Open2;
 package TLSProxy::Proxy;
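Review bot: The 32-byte literal in `set_message_contents` is undocumented; from the bytes it appears to encode an empty selected_protocol (length byte 0x00) followed by a 30-byte all-zero padding field (length byte 0x1e), and a comment such as `# selected_protocol<0..255> = "" (0x00), padding<0..255> = 30 zero bytes (0x1e): 32 bytes total` would save the next reader from counting zeros. The module enables `use strict;` but not `use warnings;`, which the other files in this commit that show their pragma lines do have. Since `parse` is an intentional no-op, the message data handed in through the base-class constructor is never interpreted, and `set_message_contents` always emits the fixed message regardless of what was received; stating that on the `parse` comment would make the limitation explicit. The file is new, so the hunk is the whole module.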
@@ -25,6 +24,7 @@ use TLSProxy::CertificateRequest; use TLSProxy::CertificateVerify; use TLSProxy::ServerKeyExchange; use TLSProxy::NewSessionTicket; +use TLSProxy::NextProto; my $have_IPv6; my $IP_factory; @@ -204,7 +204,7 @@ sub connect_to_server Proto => $self->{isdtls} ? 'udp' : 'tcp'); if (!defined($sock)) { my $err = $!; - kill(3, $self->{serverpid}); + kill(3, $self->{real_serverpid}); die "unable to connect: $err\n"; } @@ -290,14 +290,18 @@ sub start print STDERR "Server command: $execcmd\n"; } - $pid = IPC::Open2::open2(my $sout, my $sin, $execcmd) or die "Failed to $execcmd: $!\n"; - $self->{serverpid} = $pid; + open(my $savedin, "<&STDIN"); + + # Temporarily replace STDIN so that sink process can inherit it... + open(STDIN, "$^X -e 'sleep(10)' |") if $self->{isdtls}; + $pid = open(STDIN, "$execcmd 2>&1 |") or die "Failed to $execcmd: $!\n"; + $self->{real_serverpid} = $pid; # Process the output from s_server until we find the ACCEPT line, which # tells us what the accepting address and port are. - while (<$sout>) { + while (<>) { print; - s/\R$//; # chomp does not work on windows. + s/\R$//; # Better chomp next unless (/^ACCEPT\s.*:(\d+)$/); $self->{server_port} = $1; last; 
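Review bot: `while (<>)` reads through the ARGV magic filehandle, so if `@ARGV` is non-empty when `start` runs it opens those names as files instead of reading the s_server pipe that was just dup'ed onto STDIN; `while (<STDIN>)` is what the code intends. Neither `open(my $savedin, "<&STDIN");` nor the DTLS-only `open(STDIN, "$^X -e 'sleep(10)' |")` checks its return value, and the pid of that `sleep(10)` helper is not recorded anywhere, so it is never reaped and is not covered by the `kill(3, $self->{real_serverpid})` error paths. `$execcmd` is handed to the shell via `"$execcmd 2>&1 |"` just as the removed `open2` call did, so nothing new there, but a comment saying why stderr is merged (presumably so the sink process set up below also forwards it) would help. The body of `start` continues past the hunk.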
@@ -310,6 +314,38 @@ sub start die "no ACCEPT detected in '$execcmd' output: $?\n"; } + # Just make sure everything else is simply printed [as separate lines]. + # The sub process simply inherits our STD* and will keep consuming + # server's output and printing it as long as there is anything there, + # out of our way. + my $error; + $pid = undef; + if (eval { require Win32::Process; 1; }) { + if (Win32::Process::Create(my $h, $^X, "perl -ne print", 0, 0, ".")) { + $pid = $h->GetProcessID(); + $self->{proc_handle} = $h; # hold handle till next round [or exit] + } else { + $error = Win32::FormatMessage(Win32::GetLastError()); + } + } else { + if (defined($pid = fork)) { + $pid or exec("$^X -ne print") or exit($!); + } else { + $error = $!; + } + } + + # Change back to original stdin + open(STDIN, "<&", $savedin); + close($savedin); + + if (!defined($pid)) { + kill(3, $self->{real_serverpid}); + die "Failed to capture s_server's output: $error\n"; + } + + $self->{serverpid} = $pid; + print STDERR "Server responds on ", "$self->{server_addr}:$self->{server_port}\n"; @@ -366,7 +402,7 @@ sub clientstart # dead-lock... if (!($pid = open(STDOUT, "| $execcmd"))) { my $err = $!; - kill(3, $self->{serverpid}); + kill(3, $self->{real_serverpid}); die "Failed to $execcmd: $err\n"; } $self->{clientpid} = $pid; @@ -382,7 +418,7 @@ sub clientstart # Wait for incoming connection from client my $fdset = IO::Select->new($self->{proxy_sock}); if (!$fdset->can_read(60)) { - kill(3, $self->{serverpid}); + kill(3, $self->{real_serverpid}); die "s_client didn't try to connect\n"; } @@ -441,14 +477,14 @@ sub clientstart $server_sock->shutdown(SHUT_WR); } } else { - kill(3, $self->{serverpid}); + kill(3, $self->{real_serverpid}); die "Unexpected handle"; } } } if ($ctr >= 10) { - kill(3, $self->{serverpid}); + kill(3, $self->{real_serverpid}); print "No progress made\n"; $succes = 0; } 
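Review bot: After this hunk `$self->{serverpid}` holds the pid of the `perl -ne print` output sink while the actual s_server pid lives in `real_serverpid`, which is easy to misread given the name; a comment at `$self->{serverpid} = $pid;` such as `# NB: serverpid is the output-sink process; the s_server pid is real_serverpid` would stop the next reader from killing the wrong process. The STDIN restore `open(STDIN, "<&", $savedin);` is unchecked, so a failure leaves this process without its original STDIN silently; `or die "Failed to restore STDIN: $!\n"` is worth adding. On the Win32 path the process is created from `$^X` but the command line passed is `"perl -ne print"`, which is cosmetic but slightly misleading in process listings.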
@@ -467,6 +503,15 @@ sub clientstart
 my $pid;
 if (--$self->{serverconnects} == 0) {
 $pid = $self->{serverpid};
+ print "Waiting for 'perl -ne print' process to close: $pid...\n";
+ $pid = waitpid($pid, 0);
+ if ($pid > 0) {
+ die "exit code $? from 'perl -ne print' process\n" if $? != 0;
+ } elsif ($pid == 0) {
+ kill(3, $self->{real_serverpid});
+ die "lost control over $self->{serverpid}?";
+ }
+ $pid = $self->{real_serverpid};
 print "Waiting for s_server process to close: $pid...\n";
 # it's done already, just collect the exit code [and reap]...
 waitpid($pid, 0);
diff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm
index c309bc2f9f..460991e8aa 100644
--- a/util/perl/TLSProxy/Record.pm
+++ b/util/perl/TLSProxy/Record.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/TLSProxy/ServerHello.pm b/util/perl/TLSProxy/ServerHello.pm
index ca1486e041..a1dabaa2b3 100644
--- a/util/perl/TLSProxy/ServerHello.pm
+++ b/util/perl/TLSProxy/ServerHello.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/perl/TLSProxy/ServerKeyExchange.pm b/util/perl/TLSProxy/ServerKeyExchange.pm
index c570d1eb30..15dd9a8898 100644
--- a/util/perl/TLSProxy/ServerKeyExchange.pm
+++ b/util/perl/TLSProxy/ServerKeyExchange.pm
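Review bot: The `waitpid($pid, 0)` result is tested for `> 0` and `== 0`, but a blocking `waitpid` returns -1 when the pid is not a child of this process or was already reaped, so the error branch as written is never taken and a -1 falls through to waiting on `real_serverpid` as if the sink had exited cleanly. Changing the test to `} elsif ($pid <= 0) {` covers both outcomes, and the message `lost control over $self->{serverpid}?` could then include `$!` to explain the -1 case. On the Win32 path the sink pid comes from `GetProcessID()` rather than a perl `fork`, so whether `waitpid` can reap it at all is something I cannot confirm from this hunk and is worth exercising on that platform. The enclosing `clientstart` continues outside the hunk.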
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
diff --git a/util/platform_symbols/unix-symbols.txt b/util/platform_symbols/unix-symbols.txt
index 2b2fe53672..cb43fc4e24 100644
--- a/util/platform_symbols/unix-symbols.txt
+++ b/util/platform_symbols/unix-symbols.txt
@@ -56,6 +56,7 @@ __gmon_start__
 gmtime_r
 gmtime
 ioctl
+__isoc23_strtol
 __isoc99_sscanf
 _ITM_deregisterTMCloneTable
 _ITM_registerTMCloneTable